James Lee

Van-Thuan Pham

Research Associate

About Me

I am working at NUS (as a Research Associate) and I am the CEO of Test1080, a startup from NUS which provides an automated mobile testing solution based on a patented technology. I am passionate about doing R&D on automated testing to improve the reliability of software systems running on all types of computing devices such as embedded systems, mobile devices, personal computers and servers. Currently, I am working on (security) testing for Android apps. During my PhD studies at NUS, under the supervision of Prof Abhik Roychoudhury I did research on fuzz testing techniques (black-box, coverage-based grey-box and symbolic-execution based white-box fuzzing) and applied these techniques to vulnerability detection, crash reproduction and debugging. Beside my academic research work, I also have experiences in working and collaborating with industry on other projects in embedded systems, image processing, manufacturing management systems and simulation. For more details, please check out my CV.

News

  • 19 Feb 2017. served as a lab instructor for the 24-hour Fuzzing Hackathon at Fuzz Testing for Finding Vulnerabilities Workshop.
  • 18 Feb 2017. Our new fuzzing technique has found several security bugs in widely-used utilities & libraries such as readelf, objdump, cxxfilt, nm and zlib in just a few days of execution. So far, 14 bugs have been confirmed and fixed by the maintainers. Five (5) CVEs have been assigned (CVE-2017-6965, CVE-2017-6966, CVE-2017-6969, CVE-2017-7209 and CVE-2017-7210)
  • 22 Dec 2016. "Bucketing Failing Tests via Symbolic Analysis" has been accepted at FASE/ETAPS 2017.
  • 22 July 2016. "Coverage-based Greybox Fuzzing as Markov Chain" has been accepted at CCS 2016.
  • 7 July 2016. "Model-based Whitebox Fuzzing for Program Binaries" has been accepted at ASE 2016.
  • 18 Apr 2016. Get an offer from Entrepreneur First (EF) - a Europe's leading pre-seed investment programme - to join their first cohort in Singapore to build technology start-ups.
  • 6 Aug 2015. Get Research Achievement Awards from School of Computing, NUS.
  • 19 Dec 2014. "Hercules: Reproducing Crashes in Real-World Application Binaries" will appear in ICSE 2015.
  • Publications

    Bucketing Failing Tests via Symbolic Analysis

    Van-Thuan Pham, Sakaar Khurana, Subhajit Roy and Abhik Roychoudhury
    International Conference on Fundamental Approaches to Software Engineering (FASE) 2017

    PDF

    Coverage-based Greybox Fuzzing as Markov Chain

    Marcel Böhme, Van-Thuan Pham and Abhik Roychoudhury
    ACM Conference on Computer and Communications Security (CCS) 2016

    PDF

    Model-based Whitebox Fuzzing for Program Binaries

    Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury
    IEEE/ACM International Conference on Automated Software Engineering (ASE) 2016

    PDF Slides Video

    Hercules: Reproducing Crashes in Real-World Application Binaries

    Van-Thuan Pham, Wei Boon Ng, Konstantin Rubinov and Abhik Roychoudhury
    ACM/IEEE International Conference on Software Engineering (ICSE) 2015

    PDF

    Integrated Timing Analysis of Application and Operating Systems Code

    Lee Kee Chong, Clement Ballabriga, Van-Thuan Pham, Sudipta Chattopadhyay and Abhik Roychoudhury
    IEEE Real-time Systems Symposium (RTSS) 2013

    A General Solution supporting Real-time and Remote Electrocardiogram Diagnostic based on Embedded and Mobile Technology

    Dung Cao Tuan, Thuan Pham Van, Viet Hoang Anh
    International Symposium on Information and Communication Technology (SoICT) 2012

    Patent Application

    Autonomous reasoning system for vulnerability analysis

    Praveen Murthy, Bogdan Copos and Thuan Pham
    (Short description) Automated vulnerability detection and program repair system working directly on program binaries.
    United States Patent Application - US20160259943

    Selected Work Experience

    Research Associate - NUS (4/2017 - Present)

    Doing research on Fuzz testing techniques for vulnerability detection & crash reproduction.

    Research Assistant - NUS (5/2016 - 3/2017)

    Doing research on Fuzz testing techniques for vulnerability detection & crash reproduction.

    Research Intern - Fujitsu Laboratories of America (2/2015 - 5/2015)

    Involved in a team to build an automated Cyber Reasoning System (CRS) to participate in the DARPA Cyber Grand Challenge - The World’s first all-machine hacking tournament.

    Lecturer - Hanoi University of Science and Technology (8/2007 - 8/2012)

    Taught courses in subjects such as Microprocessors, Embedded Systems, Microsoft .NET Framework and involved in R&D and technonogy transfers activities.

    Co-founder & Trainer - Embedded247 Training Center (5/2011 - 7/2012)

    Designed courses & involved in training activities.

    Co-founder & Research Lead - Mimas Solutions and Services jsc., (5/2011 - 7/2012)

    Designed and developed prototypes for emotion & image recognition systems.

    Research Intern - Orange France Telecom (2/2009 - 7/2009)

    Designed and evaluated routing protocols for wireless sensor networks.

    Awards

    Research Achievement Award AY2014/2015 - School of Computing, NUS (AY2014/2015)

    Presented to PhD students who have achieved outstanding research performance.

    3rd prize VIFOTEC Scientific and Technological Innovation Award - Ministry of Science and Technology (Vietnam) (2011)

    For an automatic mirror-rotation based Goniophotometer hardware & software system. The product was bought by Rang Dong Lighting Ltd., one of the biggest lighting companies in Vietnam.

    Top 5 Intel & DST Asia Pacific Challenge 2011 - (2011)

    For a Brain-Computer-Interace (BCI) based emotion recognition system.

    1st prize Vietnamese Talent Award - (2010)

    For a system helping disabled people to control electronic/electrical devices via brain signals.