详细资料
Details
教师头像
游伟
游伟,副教授,博士生导师,入选国家级青年人才项目。长期从事软件漏洞的自动化挖掘和二进制程序的动态/静态分析,在常见应用程序中挖掘出近百个安全漏洞,曝光了数百个恶意应用的隐蔽可疑行为。在信息安全和软件工程领域国际顶级学术会议/期刊论文上发表论文十余篇,获得最佳论文奖一次,最佳应用安全论文提名奖两次。荣获中国计算机学会“科学技术奖自然科学一等奖”。

电话 :010-62514510

个人主页:https://www.youwei.site, https://rucsesec.github.io

电子邮箱:youwei@ruc.edu.cn

更多
教育经历
2010年9月 - 2016月7月: 伟德国际1946源自英国计算机系 工学博士  
2006年9月 - 2010年7月: 伟德国际1946源自英国信息系 工学学士
工作经历
2019年8月至今: 伟德国际1946源自英国 副教授  
2017年8月 - 2019月7月: 普度大学计算机系 博士后研究员  
2016年8月 - 2017年7月: 印第安纳大学信息与计算学院 博士后研究员
研究方向
安全漏洞挖掘  
恶意程序分析  
移动安全  
Web安全
讲授课程

程序设计I荣誉课程(本科生)

新生研讨课——网络空间的安全攻防(本科生)

Web安全(本科生)

软件安全分析(本科生)

操作系统内核分析及安全(研究生)

科研项目

- 国家自然科学基金青年科学基金项目,“零知识条件下面向语言的模糊测试方法研究”(62002361),2021.01 ~ 2023.12.

- 伟德国际1946源自英国重点人才项目,“程序分析与模糊测试的关键技术”,2022.01  ~ 2024.12.

- CCF-华为胡杨林基金软件工程专项项目,“基于导向型模糊测试的漏洞验证程序自动生成技术研究”,2023.09 ~ 2024.08.

科研成果

- Dongnan He, Dongchen Xie, Yujie Wang, Wei You*, Bin Liang, Jianjun Huang Wenchang Shi, Zhuo Zhang, Xiangyu Zhang. Define-Use Guided Path Exploration for Better Forced Execution. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024). (CCF A, Accepted)


- Suyue Guo, Xinyu Wang, Wei You*, Bin Liang, Wenchang Shi, Yiwei Zhang, Jianjun Huang, Jian Zhang. Operand-Variation-Oriented Differential Analysis for Fuzzing Binding Calls in PDF Readers. In Proceedings of the 45th ACM/IEEE International Conference on Software Engineering (ICSE 2023). (CCF A, 录用率: 26%)


- Xuwei Liu, Wei You*, Zhuo Zhang, Xiangyu Zhang. TensileFuzz: Facilitating Seed Input Generation in Fuzzing via String Constraint Solving. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2022). (CCF A, 录用率: 24%)


- Zhuo Zhang, Yapeng Ye, Wei You*, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, Xiangyu Zhang. OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary. In Proceedings of the 42nd IEEE Symposiums on Security and Privacy (S&P 2021). (CCF A, 录用率: 12%)


- Zhuo Zhang, Wei You*, Guanhong Tao, Yousra Aafer, Xuwei Liu, Xiangyu Zhang. StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting. In Proceedings of the 42nd IEEE Symposiums on Security and Privacy (S&P 2021). (CCF A, 录用率: 12%) (CSAW Best Applied Security Paper Award TOP-10 Finalists)


- Yousra Aafer, Wei You*, Yi Sun, Yu Shi, Xiangyu Zhang, Heng Yin. Android SmartTVs Vulnerability Discovery via Log-guided Fuzzing. In Proceedings of the 30th Usenix Security Symposium (SECURITY 2021). (CCF A, 录用率: 19%)


- I Luk Kim, Yunhui Zheng, Hogun Park, Weihang Wang, Wei You, Yousra Aafer, Xiangyu Zhang. Finding Client-side Business Flow Tampering Vulnerabilities. In Proceedings of the 42nd ACM/IEEE Internatinoal Conference on Software Engineering (ICSE 2020). (CCF A, 录用率: 21%)


- Wei You, Zhuo Zhang, Yonghwi Kwon, Yousra Aafer, Fei Peng, Yu Shi, Carson Harmon, Xiangyu Zhang. PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning. In Proceedings of the 41st IEEE Symposiums on Security and Privacy (S&P 2020). (CCF A, 录用率: ~11%)


- Zhuo Zhang, Wei You *, Guanhong Tao, Guannan Wei, Yonghwi Kwon, Xiangyu Zhang. BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation. In Proceedings of the 34th ACM Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA 2019). (CCF A, 录用率: 36%) (ACM SIGPLAN Distinguished Paper Award)


- Wei You, Xueqiang Wang, Shiqing Ma, Jianjun Huang, Xiangyu Zhang, XiaoFeng Wang, Bin Liang. ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery. In Proceedings of the 40th IEEE Symposiums on Security and Privacy (S&P 2019). (CCF A,录用率: 11%) (CSAW Best Applied Security Paper Award TOP-10 Finalists)


- Wei You, Xuwei Liu, Shiqing Ma, David Perry, Xiangyu Zhang, Bin Liang. SLF: Fuzzing without Valid Seed Inputs. In Proceedings of the 41st ACM/IEEE Internatinoal Conference on Software Engineering (ICSE 2019). (CCF A, 录用率: 21%)


- Wei You, Bin Liang, Wenchang Shi, Peng Wang, Xiangyu Zhang. TaintMan: An ART-compatible Dynamic Taint Analysis Framework on Unmodified and Non-rooted Android Devices. In IEEE Transactions on Dependable and Secure Computing (TDSC 2017). (CCF A)


- Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-concept Exploits. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017). (CCF A, 录用率: 18%)


- Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017). (CCF A, 录用率: 18%)


- Wei You, Bin Liang, Wenchang Shi, Shuyang Zhu, Peng Wang, Sikefu Xie, Xiangyu Zhang. Reference Hijacking: Patching, Protecting and Analyzing on Unmodified and Non-Rooted Android Devices. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016). (CCF A, 录用率: 19%)


- Bin Liang, Pan Bian, Yan Zhang, Wenchang Shi, Wei You, Yan Cai. AntMiner: Mining More Bugs by Reducing Noise Interference. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016). (CCF A, 录用率: 19%)


- Bin Liang, Miaoqiang Su, Wei You, Wenchang Shi, Gang Yang. Cracking Classifiers for Evasion: A Case Study on the Google’s Phishing Pages Filter. In Proceedings of the 25th International World Wide Web Conference (WWW 2016). (CCF A, 录用率: 16%)


- Wei You, Bin Liang, Jingzhe Li, Wenchang Shi, Xiangyu Zhang. Android Implicit Information Flow Demystified. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015). (CCF C, 录用率: 18%)


- Bin Liang, Wei You, Liangkun Liu, Wenchang Shi, Mario Heiderich. Scriptless Timing Attacks on Web Browser Privacy. In Proceedings of the 44th International Conference on Dependable Systems and Networks (DSN 2014). (CCF B, 录用率: 30%)


- Bin Liang, Wei You, Wenchang Shi, Zhaohui Liang. Detecting Stealthy Malware with Inter-Structure and Imported Signatures. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011). (CCF C, 录用率: 16%)

社会兼职

期刊审稿人:

IEEE Transactions on Dependable and Secure Computing (TDSC)

IEEE Transactions on Software Engineering (TSE)

Journal of Computer & Security (JSC)

程序委员会委员:

33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024)

31st ACM Conference on Computer and Communications Security (CCS 2024)

26th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2023)

30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2021)

荣誉获奖

ACM SIGPLAN Distinguished Paper Award

CSAW Best Applied Security Paper Award TOP-10 Finalists

中国计算机学会科学技术奖自然科学奖一等奖

伟德国际1946源自英国“杰出学者”

博士生国家奖学金

Google优秀奖学金