Meng Xu

Ph.D. Student
School of Computer Science
Georgia Institute of Technology

meng.xu@gatech.edu


I am a sixth year Ph.D. student at School of Computer Science, Georgia Tech, advised by Professor Taesoo Kim. I am a member of SSLab and IISP. I have also worked with Professor Michael Backes at CISPA, Saarland University, Germany, for the summer of 2017 and Dr. Marcus Peinado at Microsoft Research, Redmond, for the summer of 2018. I am on the academic job market this year.


Research Interests

System security, bug finding via symbolic analysis and fuzz testing, N-version programming

Conference Publications

12. KRace: Data Race Fuzzing for Kernel File Systems (conditionally accepted)
Meng Xu, Sanidhya Kashyap, Hanqing Zhao, and Taesoo Kim
In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland'20)

11. Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework
Seulbae Kim, Meng Xu, Sanidhya Kashyap, Jungyeon Yoon, Wen Xu, and Taesoo Kim
In Proceedings of 27th ACM Symposium on Operating Systems Principles (SOSP'19)
[Slides] [Code]

10. Dominance as a New Trusted Computing Primitive for the Internet of Things
Meng Xu, Manuel Huber, Zhichuang Sun, Paul England, Marcus Peinado, Sangho Lee, Andrey Marochko, Dennis Mattoon, Rob Spiger, Stefan Thom
In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland'19)
[Slides]

9. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim
In Proceedings of the 27th USENIX Security Symposium (Security'18)
* Distinguished Paper Award
[Slides] [Code]

8. Precise and Scalable Detection of Double-Fetch Bugs in Kernels
Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, and Taesoo Kim
In Proceedings of the 39th IEEE Symposium on Security and Privacy (Oakland'18)
[Slides] [Code]

7. Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, and Wenke Lee
In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS'17)
[Slides] [Code]

6. PlatPal: Detecting Malicious Documents with Platform Diversity
Meng Xu, and Taesoo Kim
In Proceedings of the 26th USENIX Security Symposium (Security'17)
[Slides] [Code]

5. Bunshin: Compositing Security Mechanisms through Diversification
Meng Xu, Kangjie Lu, Taesoo Kim, and Wenke Lee
In Proceedings of the 2017 USENIX Annual Technical Conference (ATC'17)
[Slides] [Code]

4. UCognito: Private Browsing without Tears
Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee.
In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15)
[Slides] [Code] [Demo]


Journal Publications

3. Stopping Memory Disclosures via Diversification and Replicated Execution
Kangjie Lu, Meng Xu, Chengyu Song, Taesoo Kim, and Wenke Lee
In IEEE Transactions on Dependable and Secure Computing (TDSC) preprint, October 2018

2. Prevention of Cross-update Privacy Leaks on Android
Beumjin Cho, Sangho Lee, Meng Xu, Sangwoo Ji, Taesoo Kim, and Jong Kim
In Computer Science and Information Systems (ComSIS) Volume 15, Issue 1, August, 2018

1. Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques
Meng Xu, Chengyu Song, Yang ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, and Taesoo Kim
In ACM Computing Surveys (CSUR) Volume 49, Issue 2, August 2016


Publication Pipeline

I have an exciting first-authored paper in the pipeline regarding security in smart homes. Let me know if you would like a preview.

Research Experience

Research Intern Microsoft Research, Redmond 2018.5 - 2018.8
Research Intern Facebook, Menlo Park 2018.1 - 2018.4
Visiting Scholar CISPA, Saarland University, Germany 2017.5 - 2017.8
Research Assistant Georgia Institute of Technology, Atlanta 2014.8 - Present

Professional Service

PC member CCS 2018
Student PC member IEEE S&P 2018
Shadow PC member EuroSys 2018
Reviewer Computers & Security 2016

Talks and Presentations

Precise and Scalable Detection of Double-Fetch Bugs in Kernels Internet Security Conference (ISC) 2018, Beijing, China 2018.09
Chinese Academy of Sciences, Beijing, China 2018.09
CERIAS Seminar, Purdue University, West Lafayette, IN 2018.11
Security through Multi-layer Diversity Georgia Institute of Technology, PhD Qualyfing Exam 2017.10

Reported Vulnerabilities

CVE-2017-15037 Function smb_strdupin() in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.

Contact

Meng Xu
Room E1054, CODA Tech Square
756 W Peachtree St NW
Atlanta, GA, 30308