Generally speaking, my research interests include computer security, program analysis, formal verification, embedded system, and trusted computing. Specifically, I’ve been working on the following areas.
- Software security and formal methods. I’ve used different formal methods, including theorem proving, software verification, and symbolic execution, to ensure software security properties, such as a minimal trusted computing base, memory security, and vulnerability discovery.
- Research and development of security analysis products. I was one of the core R&D software engineers of Fortify SCA, working on the buffer overflow analyzer, taint analyzer, and program structural analyzer.
- Software-as-a-Service (SaaS) security. I developed solutions for various security issues, such as data protection, vulnerability prevention, authentication, authorization, etc., and presented in company user conferences how to securely deploy SaaS services.