Home   

Yueqi (Lewis) Chen, 陈越琦 Full CV
Ph.D Student
College of Information Sciences & Technology
The Pennsylvania State University
State College, PA

Contact
Westgate Building. E364
State College, PA 16803
yxc431 AT ist DOT psu DOT edu


I am a first second year Ph.D student in College of Information Sciences & Technology from The Pennsylvania State University. I am co-advised by Dr. Xinyu Xing and Dr. Peng Liu. I received my B.S in Computer Science & Technology from Nanjing University in 2017.

My research interests include vulnerability analysis and the security of OS kernel. I am actively working on exploitability assessment, especially for vulnerability in complex softwares like OS kernel.

News

  • Awarded Student Travel Grant from USENIX Security Symposium 2019. See you folks at Santa Clara.

Publication

    Hack OS Kernel

  • KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities [ PDF ]
    Wei Wu, Yueqi Chen, Xinyu Xing, Wei Zou
    The 28th USENIX Security Symposium (USENIX Security'19)
    Given control flow hijacking, generally bypassing all default enabled mitigation techniques in Linux distros.
    Mitigation never fundamentally resolves security issues because of endless new exploit methods.
    We should jump out of attack-mitigation-new attack cycle and secure a system in a proactive way.

  • FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities [ PDF ]
    Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Wei Zou, Xiaorui Gong
    The 27th USENIX Security Symposium (USENIX Security'18)
    Fuzzing to diversify “use” part of a UAF vulnerability; Symbolic execution to identify more, stronger primitives.
    Exploring the memory corruption capability of a vulnerability escalates its exploitability.
    We should go beyond the capability disclosed in PoC when evaluating vulnerability exploitability.

   Grasp Vulnerability

  • Towards the Detection of Inconsistencies in Public Security Vulnerability Reports [ PDF ]
    Ying Dong, Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, Gang Wang
    The 28th USENIX Security Symposium (USENIX Security'19)
    NER model to process vulnerability report; Manual verification to disclose that:
    Vulnerability reports do not tell all truth and even make mistakes.
    We should optimize vulnerability reporting procedure to improve report quality.

Honor & Award

  • The 28th USENIX Security Symposium, Student Travel Grant Award, 2019
  • DEF CON 26 CTF, Team jd-r3kapig, Final, 2018
  • Black Hat USA, Student Scholarship, 2018
  • The 39th IEEE Symposium on Security and Privacy, Student Travel Grant Award, 2018
  • 2017 NSA codebreaker Challenge, Team member, Rank 5, 2017
  • Compiler Optimization Contest in Nanjing University, Individual, Rank 2, 2015

Community Services

  • External reviewer
    USENIX Security 2020,
    ACM CCS 2019, ESORICS 2019, ACSAC 2019, ISC 2019,
    ACM AsiaCCS 2018, IEEE CNS 2018