师资队伍
Faculty
详细资料
Details
游伟
电话 :010-62514510
个人主页:https://rucsesec.github.io
电子邮箱:youwei@ruc.edu.cn
更多
教育经历
2010年9月 - 2016月7月: 中国人民大学计算机系 工学博士
2006年9月 - 2010年7月: 中国人民大学信息系 工学学士
2006年9月 - 2010年7月: 中国人民大学信息系 工学学士
工作经历
2019年8月至今: 中国人民大学信息学院 副教授
2017年8月 - 2019月7月: 普度大学计算机系 博士后研究员
2016年8月 - 2017年7月: 印第安纳大学信息与计算学院 博士后研究员
2017年8月 - 2019月7月: 普度大学计算机系 博士后研究员
2016年8月 - 2017年7月: 印第安纳大学信息与计算学院 博士后研究员
研究方向
安全漏洞挖掘
恶意程序分析
移动安全
Web安全
恶意程序分析
移动安全
Web安全
讲授课程
2020~2021 秋季学期 程序设计I(本科生)
2020~2021 秋季学期 操作系统内核分析及安全(研究生)
2019~2020 春季学期 高级程序设计II(本科生)
2019~2020 春季学期 软件安全分析(本科生)
2020~2021 秋季学期 操作系统内核分析及安全(研究生)
2019~2020 春季学期 高级程序设计II(本科生)
2019~2020 春季学期 软件安全分析(本科生)
科研项目
自然科学基金青年科学基金项目,“零知识条件下面向语言的模糊测试方法研究”(62002361),2021.01 - 2023.12.
科研成果
- Yousra Aafer, Wei You*, Yi Sun, Yu Shi, Xiangyu Zhang, Heng Yin. Android SmartTVs Vulnerability Discovery via Log-guided Fuzzing. In Proceedings of the 30th Usenix Security Symposium (SECURITY 2021). Accepted.
- Zhuo Zhang, Wei You*, Guanhong Tao, Yousra Aafer, Xuwei Liu, Xiangyu Zhang. StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting.In Proceedings of the 42nd IEEE Symposiums on Security and Privacy (S&P 2021). Accepted.
- Zhuo Zhang, Yapeng Ye, Wei You*, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, Xiangyu Zhang. OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary. In Proceedings of the 42nd IEEE Symposiums on Security and
Privacy (S&P 2021). Accepted.
- I Luk Kim, Yunhui Zheng, Hogun Park, Weihang Wang, Wei You, Yousra Aafer, Xiangyu Zhang. Finding Client-side Business Flow Tampering Vulnerabilities. In Proceedings of the 42nd ACM/IEEE Internatinoal Conference on Software Engineering (ICSE 2020). (CCF A, 录用率: 21%)
- Wei You, Zhuo Zhang, Yonghwi Kwon, Yousra Aafer, Fei Peng, Yu Shi, Carson Harmon, Xiangyu Zhang. PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning. In Proceedings of the 41st IEEE Symposiums on Security and Privacy (S&P 2020). (CCF A, 录用率: ~11%)
- Zhuo Zhang, Wei You *, Guanhong Tao, Guannan Wei, Yonghwi Kwon, Xiangyu Zhang. BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation. In Proceedings of the 34th ACM Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA 2019). (CCF A, 录用率: 36%)
ACM SIGPLAN Distinguished Paper Award
- Wei You, Xueqiang Wang, Shiqing Ma, Jianjun Huang, Xiangyu Zhang, XiaoFeng Wang, Bin Liang. ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery. In Proceedings of the 40th IEEE Symposiums on Security and Privacy (S&P 2019). (CCF A,录用率: 11%)
CSAW Best Applied Security Paper Award TOP-10 Finalists
- Wei You, Xuwei Liu, Shiqing Ma, David Perry, Xiangyu Zhang, Bin Liang. SLF: Fuzzing without Valid Seed Inputs. In Proceedings of the 41st ACM/IEEE Internatinoal Conference on Software Engineering (ICSE 2019). (CCF A, 录用率: 21%)
- Wei You, Bin Liang, Wenchang Shi, Peng Wang, Xiangyu Zhang. TaintMan: An ART-compatible Dynamic Taint Analysis Framework on Unmodified and Non-rooted Android Devices. In IEEE Transactions on Dependable and Secure Computing (TDSC 2017). (CCF A)
- Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-concept Exploits. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017). (CCF A, 录用率: 18%)
- Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017). (CCF A, 录用率: 18%)
- Wei You, Bin Liang, Wenchang Shi, Shuyang Zhu, Peng Wang, Sikefu Xie, Xiangyu Zhang. Reference Hijacking: Patching, Protecting and Analyzing on Unmodified and Non-Rooted Android Devices. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016). (CCF A, 录用率: 19%)
- Bin Liang, Pan Bian, Yan Zhang, Wenchang Shi, Wei You, Yan Cai. AntMiner: Mining More Bugs by Reducing Noise Interference. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016). (CCF A, 录用率: 19%)
- Bin Liang, Miaoqiang Su, Wei You, Wenchang Shi, Gang Yang. Cracking Classifiers for Evasion: A Case Study on the Google’s Phishing Pages Filter. In Proceedings of the 25th International World Wide Web Conference (WWW 2016). (CCF A, 录用率: 16%)
- Wei You, Bin Liang, Jingzhe Li, Wenchang Shi, Xiangyu Zhang. Android Implicit Information Flow Demystified. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015). (CCF C, 录用率: 18%)
- Bin Liang, Wei You, Liangkun Liu, Wenchang Shi, Mario Heiderich. Scriptless Timing Attacks on Web Browser Privacy. In Proceedings of the 44th International Conference on Dependable Systems and Networks (DSN 2014). (CCF B, 录用率: 30%)
- Bin Liang, Wei You, Wenchang Shi, Zhaohui Liang. Detecting Stealthy Malware with Inter-Structure and Imported Signatures. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011). (CCF C, 录用率: 16%)
- Zhuo Zhang, Wei You*, Guanhong Tao, Yousra Aafer, Xuwei Liu, Xiangyu Zhang. StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting.In Proceedings of the 42nd IEEE Symposiums on Security and Privacy (S&P 2021). Accepted.
- Zhuo Zhang, Yapeng Ye, Wei You*, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, Xiangyu Zhang. OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary. In Proceedings of the 42nd IEEE Symposiums on Security and
Privacy (S&P 2021). Accepted.
- I Luk Kim, Yunhui Zheng, Hogun Park, Weihang Wang, Wei You, Yousra Aafer, Xiangyu Zhang. Finding Client-side Business Flow Tampering Vulnerabilities. In Proceedings of the 42nd ACM/IEEE Internatinoal Conference on Software Engineering (ICSE 2020). (CCF A, 录用率: 21%)
- Wei You, Zhuo Zhang, Yonghwi Kwon, Yousra Aafer, Fei Peng, Yu Shi, Carson Harmon, Xiangyu Zhang. PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning. In Proceedings of the 41st IEEE Symposiums on Security and Privacy (S&P 2020). (CCF A, 录用率: ~11%)
- Zhuo Zhang, Wei You *, Guanhong Tao, Guannan Wei, Yonghwi Kwon, Xiangyu Zhang. BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation. In Proceedings of the 34th ACM Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA 2019). (CCF A, 录用率: 36%)
ACM SIGPLAN Distinguished Paper Award
- Wei You, Xueqiang Wang, Shiqing Ma, Jianjun Huang, Xiangyu Zhang, XiaoFeng Wang, Bin Liang. ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery. In Proceedings of the 40th IEEE Symposiums on Security and Privacy (S&P 2019). (CCF A,录用率: 11%)
CSAW Best Applied Security Paper Award TOP-10 Finalists
- Wei You, Xuwei Liu, Shiqing Ma, David Perry, Xiangyu Zhang, Bin Liang. SLF: Fuzzing without Valid Seed Inputs. In Proceedings of the 41st ACM/IEEE Internatinoal Conference on Software Engineering (ICSE 2019). (CCF A, 录用率: 21%)
- Wei You, Bin Liang, Wenchang Shi, Peng Wang, Xiangyu Zhang. TaintMan: An ART-compatible Dynamic Taint Analysis Framework on Unmodified and Non-rooted Android Devices. In IEEE Transactions on Dependable and Secure Computing (TDSC 2017). (CCF A)
- Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-concept Exploits. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017). (CCF A, 录用率: 18%)
- Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017). (CCF A, 录用率: 18%)
- Wei You, Bin Liang, Wenchang Shi, Shuyang Zhu, Peng Wang, Sikefu Xie, Xiangyu Zhang. Reference Hijacking: Patching, Protecting and Analyzing on Unmodified and Non-Rooted Android Devices. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016). (CCF A, 录用率: 19%)
- Bin Liang, Pan Bian, Yan Zhang, Wenchang Shi, Wei You, Yan Cai. AntMiner: Mining More Bugs by Reducing Noise Interference. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016). (CCF A, 录用率: 19%)
- Bin Liang, Miaoqiang Su, Wei You, Wenchang Shi, Gang Yang. Cracking Classifiers for Evasion: A Case Study on the Google’s Phishing Pages Filter. In Proceedings of the 25th International World Wide Web Conference (WWW 2016). (CCF A, 录用率: 16%)
- Wei You, Bin Liang, Jingzhe Li, Wenchang Shi, Xiangyu Zhang. Android Implicit Information Flow Demystified. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015). (CCF C, 录用率: 18%)
- Bin Liang, Wei You, Liangkun Liu, Wenchang Shi, Mario Heiderich. Scriptless Timing Attacks on Web Browser Privacy. In Proceedings of the 44th International Conference on Dependable Systems and Networks (DSN 2014). (CCF B, 录用率: 30%)
- Bin Liang, Wei You, Wenchang Shi, Zhaohui Liang. Detecting Stealthy Malware with Inter-Structure and Imported Signatures. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011). (CCF C, 录用率: 16%)
社会兼职
期刊审稿人:
IEEE Transactions on Dependable and Secure Computing (TDSC)
IEEE Transactions on Software Engineering (TSE)
Journal of Computer & Security (JSC)
程序委员会委员:
The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2020)
IEEE Transactions on Dependable and Secure Computing (TDSC)
IEEE Transactions on Software Engineering (TSE)
Journal of Computer & Security (JSC)
程序委员会委员:
The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2020)
荣誉获奖
中国人民大学“杰出学者”
博士生国家奖学金
Google优秀奖学金
ACM SIGPLAN Distinguished Paper Award
CSAW Best Applied Security Paper Award TOP-10 Finalists
博士生国家奖学金
Google优秀奖学金
ACM SIGPLAN Distinguished Paper Award
CSAW Best Applied Security Paper Award TOP-10 Finalists