Yueqi (Lewis) Chen, 陈越琦 Full CV
Ph.D. Student
College of Information Sciences & Technology
The Pennsylvania State University
State College, PA

Westgate Building, E343
State College, PA 16803
yxc431 AT ist DOT psu DOT edu

I am a third-year Ph.D. student in the College of Information Sciences & Technology at The Pennsylvania State University. I am co-advised by Dr. Xinyu Xing and Dr. Peng Liu. I received my B.S. in Computer Science & Technology from Nanjing University in 2017.

My research interests include operating system (OS) security and vulnerability analysis. I am actively working on exploitability assessment, especially for vulnerabilities in infrastructure software, e.g., OS kernels and cryptography libraries.



OS Security

  • SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel [ Paper ] [ Slides ] [ Repo ]
    Yueqi Chen, Xinyu Xing
    The 26th ACM Conference on Computer and Communications Security (ACM CCS'19)
    Building a database of kernel objects and proposing a systematic fengshui approach.
    Exposing more attack surface in vulnerable software can escalate exploitability.
    Considering alternatives along the exploitation chain drives exploitability assessment towards ground-truth.

  • KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities [ Paper ] [ Slides ] [ Repo ]
    Wei Wu, Yueqi Chen, Xinyu Xing, Wei Zou
    The 28th USENIX Security Symposium (USENIX Security'19)
    Given control-flow hijacking, generally bypassing all default-enabled mitigation techniques in Linux distros.
    The Kernel Self Protection Project (KSPP) ought to take action on this new exploitation.
    More importantly, instead of keeping up the attack-mitigation-new-attack cycle, we should secure a system in a proactive way.

  • FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities [ Paper ] [ Slides ] [ Repo ]
    Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Wei Zou, Xiaorui Gong
    The 27th USENIX Security Symposium (USENIX Security'18)
    Fuzzing to diversify the “use” part of a UAF vulnerability; symbolic execution to identify more, stronger primitives.
    As far as we know, FUZE is the first paper exploring the capability of a vulnerability.
    Going beyond the capability disclosed in the PoC is essential for exploitability assessment and automatic exploit generation.

Vulnerability Analysis

  • Towards the Detection of Inconsistencies in Public Security Vulnerability Reports [ Paper ] [ Slides ] [ Repo ]
    Ying Dong, Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, Gang Wang
    The 28th USENIX Security Symposium (USENIX Security'19)
    Automatically extracting vulnerable software names and versions for a large-scale measurement, showing that
    inconsistent information among vulnerability report websites is highly prevalent.
    We should standardize the reporting procedure and fully automate vulnerability report verification.

  • TRENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis [ Paper ] [ Slides ] [ Repo ]
    Dongliang Mu, Wenbo Guo, Alejandro Cuevas, Yueqi Chen, Jinxuan Gai, Xinyu Xing, Bing Mao, Chengyu Song
    The 34th IEEE/ACM International Conference on Automated Software Engineering (ASE'19)

Honors & Awards

  • The 28th USENIX Security Symposium, Student Travel Grant Award, 2019
  • DEF CON 26 CTF, Team jd-r3kapig, Final, 2018
  • Black Hat USA, Student Scholarship, 2018
  • The 39th IEEE Symposium on Security and Privacy, Student Travel Grant Award, 2018
  • 2017 NSA Codebreaker Challenge, Team member, Rank 5, 2017
  • Compiler Optimization Contest in Nanjing University, Individual, Rank 2, 2015

Community Services

  • Sub-reviewer
    USENIX Security 2020, ACM CCS 2019, ESORICS 2019, ACSAC 2019, ISC 2019, ACM AsiaCCS 2018, IEEE CNS 2018


  • CYBER 362 - Cyber Analysis Studio, Teaching Assistant, Fall 2019
  • IST 456 - Information Security Management, Teaching Assistant, Spring 2019
  • SRA 221 - Overview of Information Security, Teaching Assistant, Fall 2018