Research Interests

Generally speaking, my research interests include computer security, program analysis, formal verification, embedded system, and trusted computing. Specifically, I’ve been working on the following areas.

• Software security and formal methods. I’ve used different formal methods, including theorem proving, software verification, and symbolic execution, to ensure software security properties, such as a minimal trusted computing base, memory security, and vulnerability discovery.
• Application security and program analysis. Combine different technologies creatively, including programming language, abstract interpretation, dynamic analysis, runtime analysis, and big code, to build security tools to find security vulnerabilities in code written in dynamic programming languages, such as JavaScript and Python. The initial version of the product has been used in the industry.
• Research and development of security analysis products. I was one of the core R&D software engineers of Fortify SCA, working on the buffer overflow analyzer, taint analyzer, and program structural analyzer.
• Software-as-a-Service (SaaS) security. I developed solutions for various security issues, such as data protection, vulnerability prevention, authentication, authorization, etc., and presented in company user conferences how to securely deploy SaaS services.