Meng Xu

Ph.D. Student
School of Computer Science
Georgia Institute of Technology

I am a 4th-year Ph.D. student at School of Computer Science, Georgia Tech, advised by Professor Taesoo Kim. I am a member of SSLab and IISP. For the 2017 summer, I have been working as a visiting scholar with Professor Michael Backes at CISPA, Saarland University, Germany.

Research Interests

System security, N-version programming, Bug finding.


7. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing (to appear)
Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim
In Proceedings of the 27th USENIX Security Symposium (Security'18)

6. Precise and Scalable Detection of Double-Fetch Bugs in Kernels
Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, and Taesoo Kim
In Proceedings of the 39th IEEE Symposium on Security and Privacy (Oakland'18)

5. Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, and Wenke Lee
In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS'17)

4. PlatPal: Detecting Malicious Documents with Platform Diversity
Meng Xu, and Taesoo Kim
In Proceedings of the 26th USENIX Security Symposium (Security'17)

3. Bunshin: Compositing Security Mechanisms through Diversification
Meng Xu, Kangjie Lu, Taesoo Kim, and Wenke Lee
In Proceedings of the 2017 USENIX Annual Technical Conference (ATC'17)

2. Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques
Meng Xu, Chengyu Song, Yang ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, and Taesoo Kim
In ACM Computing Surveys (CSUR) Volume 49, Issue 2, August 2016

1. UCognito: Private Browsing without Tears
Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee.
In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15)
[Slides] [Demo]

Research Experience

Research Intern Microsoft Research, Redmond 2018.5 - 2018.8
Research Intern Facebook, Menlo Park 2018.1 - 2018.4
Visiting Scholar CISPA, Saarland University, Germany 2017.5 - 2017.8
Research Assistant Georgia Institute of Technology, Atlanta 2014.8 - Present

Professional Service

PC member CCS 2018
Student PC member IEEE S&P 2018
Shadow PC member EuroSys 2018
Reviewer Computers & Security 2016

Talks and Presentations

Security through Multi-layer Diversity Georgia Institute of Technology, PhD Qualyfing Exam 2017.10

Reported Vulnerabilities

CVE-2017-15037 Function smb_strdupin() in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.


Meng Xu
Lab 3108, Klaus Advanced Computing Building
266 Ferst Drive
Atlanta, GA 30332