Kangjie Lu

Assistant Professor

Department of Computer Science & Engineering
University of Minnesota

Office: 5-217 Keller Hall, 200 Union St SE Minneapolis, MN 55455
Email: kjlu@umn.edu

Google scholar | GitHub


I am an assistant professor in the Computer Science & Engineering Department of the University of Minnesota--Twin Cities. I research and teach systems security. My primary research lies at the intersection of security, software engineering, operating systems, compilers, and machine learning. I am a recipient of the NSF CAREER award 2021. I earned my Ph.D. in Computer Science from Georgia Tech in 2017.

I'm looking for Ph.D. students, a postdoc, and visiting students. If you are interested in systems and security, please feel free to contact me! See details.

Attention!

I am co-chairing the 2nd International Workshop on Ethics in Computer Security (EthiCS 2023), co-located with NDSS'23. EthiCS welcomes submissions on ethics and security research. Full papers, work-in-progress short reports, and proposals are all welcome. Submission deadline: December 20, 2022. Workshop homepage: https://ethics-workshop.github.io/2023.

Research

I am broadly interested in computer security, and my research frequently intersects software engineering, operating systems, machine learning, NLP, programming languages, compilers, and ethics. My research goal is to secure widely used systems and foundational software, in a both principled and practical manner. My work has resulted in many important updates in popular systems such as the Linux kernel, the Android OS, Apple’s iOS, OpenSSL, and PHP. I have been working towards my research goals in the following directions.

  • Program understanding
    • Foundational program analysis techniques: Indirect-call analysis, type-based analysis, etc.
    • AI-powered analysis of program artifacts, e.g., inferring code behaviors
    • General code-reasoning approaches: Cross-checking, contradictions, symbolic comparison, etc.
  • Secure-by-design defense
    • Enforcing security principles: Least privilege, control- and data-flow integrity, memory safety, etc.
    • Secure compilation, e.g., eliminating compiler-introduced security bugs
    • Trusted computing
  • Sustainable security protection
    • Affordable and secure patch ecosystem: Patch prioritization, testing, propagation, etc.
    • Continuous and incremental testing, e.g., fuzzing and code-change analysis
  • Secure open-source ecosystem
    • Secure vulnerability disclosure
    • Supply-chain security, e.g., secure code generation and code verification
    • Ethics in security research with OSS

We are grateful for NSF for supporting the following projects.

  • Community-Engaged Design and Implementation of a Framework for Ethical Online Communities Research
  • Improving Decentralized Kernel Patch Ecosystems
  • CAREER: Whole-Kernel Analysis Against Developer- and Compiler-Introduced Errors
  • NFLambda -- A Granular, Scalable and Secure NFV Framework for High Performance Packet Processing at 100 Gbps and Beyond
  • Checking Security Checks in OS Kernels
  • MOSE: Automated Detection of Module-Specific Semantic Errors

    2023

  • Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs
    Jianhao Xu, Kangjie Lu, Zhengjie Du, Zhu Ding, Linke Li, Qiushi Wu, Mathias Payer, and Bing Mao.
    To appear in Proceedings of the 32nd USENIX Security Symposium (Security'23). Anaheim, CA, August 2023.
  • Practical Program Modularization with Type-Based Dependence Analysis
    Kangjie Lu.
    To appear in Proceedings of the 44th IEEE Symposium on Security and Privacy (Oakland'23). San Francisco, CA, May 2023.
  • How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices
    Peiyu Liu, Shouling Ji, Lirong Fu, Kangjie Lu, Xuhong Zhang, Jingchang Qin, Wenhai Wang, and Wenzhi Chen.
    To appear in Proceedings of the 44th IEEE Symposium on Security and Privacy (Oakland'23). San Francisco, CA, May 2023.

    • 2022

  • Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms [Code | PDF]
    Yutian Yang, Wenbo Shen, Xun Xie, Kangjie Lu, Mingsen Wang, Tianyu Zhou, Chenggang Qin, Wang Yu, and Kui Ren.
    In Proceedings of the Annual Computer Security Applications Conference (ACSAC'22). Austin, TX, December 2022.
    ★ Distinguished Paper Award
  • Non-Distinguishable Inconsistencies as a Deterministic Oracle for Detecting Security Bugs [Code | PDF]
    Qingyang Zhou, Qiushi Wu, Dinghao Liu, Shouling Ji, and Kangjie Lu.
    In Proceedings of the 29th ACM Conference on Computer and Communications Security (CCS'22). Los Angeles, CA, November 2022.
  • SEDiff: Scope-Aware Differential Fuzzing to Test Internal Function Models in Symbolic Execution [PDF]
    Penghui Li, Wei Meng, and Kangjie Lu.
    In Proceedings of the 21st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE'22). Singapore, November 2022.
  • OS-Aware Vulnerability Prioritization via Differential Severity Analysis [PDF]
    Qiushi Wu*, Yue Xiao*, Xiaojing Liao, and Kangjie Lu.
    In Proceedings of the 31st USENIX Security Symposium (Security'22). Boston, MA, August 2022.
    *Co-first authors
  • GranularNF: Granular Decomposition of Stateful NFV at 100 Gbps Line Speed and Beyond [PDF]
    Ziyan Wu, Tianming Cui, Arvind Narayanan, Yang Zhang, Kangjie Lu, Antonia Zhai, and Zhi-Li Zhang.
    ACM SIGMETRICS Performance Evaluation Review, August 2022.
  • Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis [PDF | Code]
    Yunlong Lyu, Yi Fang, Yiwei Zhang, Qibin Sun, Siqi Ma, Elisa Bertino, Kangjie Lu, and Juanru Li.
    In Proceedings of the 43rd IEEE Symposium on Security and Privacy (Oakland'22). San Francisco, CA, May 2022.
  • Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators [PDF | Code]
    Wenjia Zhao, Kangjie Lu, Qiushi Wu, and Yong Qi.
    In Proceedings of the 2022 Annual Network and Distributed System Security Symposium (NDSS'22). San Diego, CA, February 2022.
  • Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection [PDF]
    Zu-Ming Jiang, Jia-Ju Bai, Kangjie Lu, and Shi-Min Hu.
    In Proceedings of the 2022 Annual Network and Distributed System Security Symposium (NDSS'22). San Diego, CA, February 2022.
  • EMS: History-Driven Mutation for Coverage-based Fuzzing [PDF | Code]
    Chenyang Lyu, Shouling Ji, Xuhong Zhang, Hong Liang, Kangjie Lu, Binbin Zhao, and Raheem Beyah.
    In Proceedings of the 2022 Annual Network and Distributed System Security Symposium (NDSS'22). San Diego, CA, February 2022.
  • Dancing with wolves: An intra-process isolation technique with privileged hardware [Link]
    Chenggang Wu, Mengyao Xie, Zhe Wang, Yinqian Zhang, Kangjie Lu, Xiaofeng Zhang, Yuanming Lai, Yan Kang, Min Yang, and Tao Li.
    IEEE Transactions on Dependable and Secure Computing (TDSC'22), 2022.

    • 2021

  • Detecting Missed Security Operations Through Differential Checking of Object-based Similar Paths [PDF]
    Dinghao Liu, Qiushi Wu, Shouling Ji, Kangjie Lu, Zhenguang Liu, Jianhai Chen, and Qinming He.
    In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS'21). Virtual Conference, November 2021.
  • CPscan: Detecting Bugs Caused by Code Pruning in IoT Kernels [PDF]
    Lirong Fu, Shouling Ji, Kangjie Lu, Peiyu Liu, Xuhong Zhang, Yuxuan Duan, Zihui Zhang, Wenzhi Chen, and Yanjun Wu.
    In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS'21). Virtual Conference, November 2021.
  • Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization [PDF]
    Nanzi Yang, Wenbo Shen, Jinku Li, Yutian Yang, Kangjie Lu, Jietao Xiao, Tianyu Zhou, Chenggang Qin, Wang Yu, Jianfeng Ma, and Kui Ren.
    In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS'21). Virtual Conference, November 2021.
  • iFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware [PDF]
    Peiyu Liu, Shouling Ji, Xuhong Zhang, Qinming Dai, Kangjie Lu, Lirong Fu, Wenzhi Chen, Peng Cheng, Wenhai Wang, and Raheem Beyah.
    In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE'21). Virtual conference, November 2021.
  • Understanding and Detecting Disordered Error Handling with Precise Function Pairing [PDF]
    Qiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, and Kangjie Lu.
    In Proceedings of the 30th USENIX Security Symposium (Security'21). Vancouver, Canada, August 2021.
  • Static Detection of Unsafe DMA Accesses in Device Drivers [PDF]
    Jia-Ju Bai, Tuo Li, Kangjie Lu, and Shi-Min Hu.
    In Proceedings of the 30th USENIX Security Symposium (Security'21). Vancouver, Canada, August 2021.
  • Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking [PDF]
    Xin Tan, Yuan Zhang, Xiyu Yang, Kangjie Lu, and Min Yang.
    In Proceedings of the 30th USENIX Security Symposium (Security'21). Vancouver, Canada, August 2021.
  • UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers [PDF]
    Yuwei Li, Shouling Ji, Yuan Chen, Sizhuang Liang, Wei-Han Lee, Yueyao Chen, Chenyang Lyu, Chunming Wu, Raheem Beyah, Peng Cheng, Kangjie Lu, and Ting Wang.
    In Proceedings of the 30th USENIX Security Symposium (Security'21). Vancouver, Canada, August 2021.
  • Unleashing Fuzzing Through Comprehensive, Efficient, and Faithful Exploitable-Bug Exposing [PDF | Link]
    Bowen Wang*, Kangjie Lu*, Qiushi Wu, and Aditya Pakki.
    IEEE Transactions on Dependable and Secure Computing (TDSC'21), May 2021.
    *Co-first authors
  • On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution [PDF]
    Penghui Li, Wei Meng, Kangjie Lu, and Changhua Luo.
    In Proceedings of the 30th International World Wide Web Conference (WWW'21). Virtual conference, April 2021.
  • Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning [PDF]
    Navid Emamdoost, Qiushi Wu, Kangjie Lu, and Stephen McCamant.
    In Proceedings of the 2021 Annual Network and Distributed System Security Symposium (NDSS'21). San Diego, CA, February 2021.
  • Cross-Architecture Testing for Compiler-Introduced Security Bugs [Link]
    Jianhao Xu, Kangjie Lu, and Bing Mao.
    In the 5th Workshop on Principles of Secure Compilation (PriSC'21), co-located with POPL'21. Online, January 2021.

    • 2020

  • Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection [PDF | Code]
    Aditya Pakki, and Kangjie Lu.
    In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS'20). Orlando, FL, November 2020.
  • Understanding the Security Risks of Docker Hub [PDF]
    Peiyu Liu, Shouling Ji, Lirong Fu, Kangjie Lu, Xuhong Zhang, Wei-Han Lee, Tao Lu, Wenzhi Chen, and Raheem Beyah.
    In Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS'20). Guildford, UK, September 2020.
  • Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection [PDF]
    Zu-Ming Jiang, Jia-Ju Bai, Kangjie Lu, and Shi-Min Hu.
    In Proceedings of the 29th USENIX Security Symposium (Security'20). Boston, MA, August 2020.
  • SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation [PDF]
    Zhe Wang, Chenggang Wu, Mengyao Xie, Yinqian Zhang, Kangjie Lu, Xiaofeng Zhang, Yuanming Lai, Yan Kang, and Min Yang.
    In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland'20). San Francisco, CA, May 2020.
  • MPTEE: Bringing Flexible and Efficient Memory Protection to Intel SGX [PDF]
    Wenjia Zhao, Kangjie Lu, and Yong Qi.
    In Proceedings of the 15th European Conference on Computer Systems (EuroSys'20). Crete, Greece, April 2020.
  • Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison [PDF]
    Qiushi Wu, Yang He, Stephen McCamant, and Kangjie Lu.
    In Proceedings of the 2020 Annual Network and Distributed System Security Symposium (NDSS'20). San Diego, CA, February 2020.

    • 2019

  • Where Does It Go? Refining Indirect-Call Targets with Multi-Layer Type Analysis [PDF | Code]
    Kangjie Lu, and Hong Hu.
    In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS'19). London, UK, November 2019.
    ★ Best Paper Award (1/947)
  • Automatically Identifying Security Checks for Detecting Kernel Semantic Bugs [PDF | Code]
    Kangjie Lu, Aditya Pakki, and Qiushi Wu.
    In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS'19). Luxembourg, September 2019.
  • Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences [PDF | Code]
    Kangjie Lu, Aditya Pakki, and Qiushi Wu.
    In Proceedings of the 28th USENIX Security Symposium (Security'19). Santa Clara, CA, August 2019.

    • 2018

  • Stopping Memory Disclosures via Diversification and Replicated Execution [PDF]
    Kangjie Lu, Meng Xu, Chengyu Song, Taesoo Kim, and Wenke Lee.
    IEEE Transactions on Dependable and Secure Computing (TDSC'18), October 2018.
  • Check it Again: Detecting Lacking-Recheck Bugs in OS Kernels [PDF | Code]
    Wenwen Wang, Kangjie Lu, and Pen-Chung Yew.
    In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS'18). Toronto, Canada, October 2018.
  • Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels [PDF]
    Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, and Taesoo Kim.
    In Proceedings of the 39th IEEE Symposium on Security and Privacy (Oakland'18). San Francisco, CA, May 2018.

    • 2017

  • Bunshin: Compositing Security Mechanisms through Diversification [PDF]
    Meng Xu, Kangjie Lu, Taesoo Kim, and Wenke Lee.
    In Proceedings of the 2017 USENIX Annual Technical Conference (ATC'17). Santa Clara, CA, July 2017.
  • Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying [PDF]
    Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nürnberger, Wenke Lee, and Michael Backes.
    In Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS'17). San Diego, CA, February 2017.

    • 2016

  • UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages [PDF | Code | Page]
    Kangjie Lu, Chengyu Song, Taesoo Kim, and Wenke Lee.
    In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS'16). Vienna, Austria, October 2016.
  • Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques [PDF]
    Meng Xu, Chengyu Song, Yang ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, , and Taesoo Kim.
    ACM Computing Surveys (CSUR'16) 49(2), August 2016.
  • How to Make ASLR Win the Clone Wars: Runtime Re-Randomization [PDF | Demo | Code]
    Kangjie Lu, Stefan Nürnberger, Michael Backes, and Wenke Lee.
    In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS'16). San Diego, CA, February 2016.
  • Enforcing Kernel Security Invariants with Data Flow Integrity [PDF]
    Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee.
    In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS'16). San Diego, CA, February 2016.

    • 2015

  • ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks [PDF | Code | Page]
    Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, and Wenke Lee.
    In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15). Denver, Colorado, October 2015.
  • SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps [PDF]
    Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang.
    In Proceedings of the 24th USENIX Security Symposium (Security'15). Washington, DC, August 2015.
  • Software Watermarking using Return-Oriented Programming [PDF]
    Haoyu Ma, Kangjie Lu, Xinjie Ma, Haining Zhang, Chunfu Jia, and Debin Gao.
    In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS'15). Singapore, April–June 2015.
  • Checking more and alerting less: Detecting privacy leakages via enhanced data-flow analysis and peer voting [PDF]
    Kangjie Lu, Zhichun Li, Vasileios Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee, and Guofei Jiang.
    In Proceedings of the 2015 Annual Network and Distributed System Security Symposium (NDSS'15). San Diego, CA, February 2015.

    • 2014

  • RopSteg: Program Steganography with Return Oriented Programming [PDF]
    Kangjie Lu, Siyang Xiong, and Debin Gao.
    In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY'14). San Antonio, Texas, USA, March 2014.

    • 2013

  • Jekyll on iOS: When Benign Apps Become Evil [PDF]
    Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee.
    In Proceedings of the 22th USENIX Security Symposium (Security'13). Washington, DC, August 2013.

    • 2011

  • deRop: Removing Return-Oriented Programming from Malware [PDF]
    Kangjie Lu, Dabi Zou, Weiping Wen, and Debin Gao.
    In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11). Orlando, Florida, USA, December 2011.
  • Packed, Printable, and Polymorphic Return-Oriented Programming [PDF]
    Kangjie Lu, Dabi Zou, Weiping Wen, and Debin Gao.
    In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID'11). Menlo Park, California, USA, September 2011.

Advising

  • PhD students
    • Aditya Pakki
    • Qiushi Wu
    • Qingyang Zhou
    • Dong Bao
    • Weiheng Bai
    • Kefu Wu
    • Yanting Chi
    • Sheikh Mostofa Amir
    • Talha Ahsan
  • Master's students
    • Zhengwen Jiang
  • Undergraduate students
    • Yuchen Meng
  • Alumni
    • Wenjia Zhao (PhD'22, Assistant Professor at Xi'an Jiaotong University)
    • Yang He (MS'21, Software Engineer at Google)
    • Tanglin Zhou (MS'20)
    • Joe Numainville (MS'21, Leidos)
    • Dipanjan Das (visiting student from UCSB)
    • Luyang Zhao (BS’18, now PhD at Dartmouth)

Assistant Professor University of Minnesota, Minneapolis 2017.8 - Present
Visiting Scholar MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany 2016.5 - 2016.8
Visiting Scholar MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany 2015.5 - 2015.8
Research Intern Samsung Research America, Santa Clara 2014.5 - 2014.8
Research Intern NEC Labs America, Princeton 2013.5 - 2013.8
Research Assistant Georgia Institute of Technology, Atlanta 2012.8 - 2017.8
Research Assistant Singapore Management University, Singapore 2010.7 - 2012.6
Research Assistant Peking University, Beijing, China 2009.9 - 2010.7

Program Committee Chairs

  • The 2nd International Workshop on Ethics in Computer Security (EthiCS), co-located with NDSS 2023
  • The 1st International Workshop on Ethics in Computer Security (EthiCS), co-located with IEEE EuroS&P 2022

Program Committees

  • The Network and Distributed System Security Symposium (NDSS): 2021, 2022, 2023, 2024
  • IEEE Symposium on Security and Privacy (Oakland/S&P): 2024
  • The ACM Conference on Computer and Communications Security (CCS): 2018, 2019, 2020, 2021, 2023
  • International Symposium on Research in Attacks, Intrusions and Defenses (RAID): 2023
  • International Conference on Information and Communications Security (ICICS): 2019, 2021, 2022, 2023
  • The USENIX Security Symposium (USENIX Security): 2018, 2021, 2022
  • The ACM Asia Conference on Computer and Communications Security (AsiaCCS): 2018, 2021, 2022