Research
My core research interest includes computer systems and system security, including program analysis, system provenance analysis, cyber security experimentation and analysis, trusted execution environments, security of AI and other emerging systems.
I have also started new research explorations in security-related topics beyond computer systems: economics/finance/policy aspects of cyber security, such as prevention of online scam, financial modeling of cyber crime, and cyber insurance.
Research Directions
System security and cyber experimentation
- Kernel mechanisms for confidential computing
- System provence mechanisms and analysis techniques
- Cyber experimentation as code
Software security and program analysis
- Scalable binary/program analysis for vulnerability discovery
- Testing and analysis for non-traditional bug types
- Mobile malware analysis
AI and security from system perspective
- Application of AI and recommendation system in software and system security
- LLM security analysis using software security techniques
- Agentic system analysis and protection
Security beyond systems
- Online scam prevention
- Financial modeling of cyber crime and incidents, economics of cyber security
- Cyber insurance and cyber risk analysis
Research Awards
- Distinguished Paper Award, the 2nd International Sports Analytics Conference and Exhibition (ISACE), 2025.
- Distinguished Paper Award, the 34th USENIX Security Symposium, 2025.
- Best Practical Paper Award, the 27th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2024.
- Distinguished Paper Award Honorable Mentions, the 21st Network and Distributed System Security Symposium (NDSS), 2019.
- Best Paper Award, the 14th International Conference on Wireless Algorithms, Systems, and Applications (WASA), 2019.
- Best Paper Award, the 19th International Conference on Engineering of Complex Computer Systems (ICECCS), 2014.
- Best Paper Award, Web 2.0 Security & Privacy Workshop (W2SP), 2014.
- ACM SIGSOFT Distinguished Paper Award, the ESEC and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC-FSE), 2009.
- Best Paper Award, the 16th USENIX Security Symposium, 2007.
- Outstanding Paper Award, the 19th Annual Computer Security Applications Conference (ACSAC), 2003.