Chao Zhang (张超)



Associate Professor
NISL
Institute for Network Science and Cyberspace
Tsinghua University

Mailing address:
FIT 3-209
Tsinghua University
Beijing, China 100084




About

  • I am currently a tenure-track Associate Professor in Tsinghua University.
  • I was a postdoc advised by Prof. Dawn Song at UC Berkeley from Sep 2013 to Sep 2016.
  • I received my Ph.D. degree in Computer Science from Peking University in July 2013, advised by Prof. Wei Zou and co-advised by Prof. Tao Wei.
  • I received my B.S. degree in Mathematical Science from Peking University in July 2008.
  • I was a member of the V group of LiST at ICST, Peking University.
  • I was a co-organizer of the BitBlaze Group in UC Berkeley.
  • I was a co-leader of the CodeJitsu team, a finalist of the DARPA Cyber Grand Challenge.
  • I am a member of the Blue-Lotus CTF team.
  • Research Interests

  • Software security analysis, including binary analysis and reverse engineering.
  • Vulnerability detection, exploit and protection techniques.
  • Web security and P2P network security analysis.
  • Programing language theory and implementation.
  • AI and security.
  • Cool stuff: IoT, blockchain...
  • Awards

  • 2017 Young Elite Scientists Sponsorship Program by CAST (Chinese Association for Science and Technology).
  • 2017 Young Talent Development Program by CCF (China Computer Federation).
  • 2017 GeekPwn 2017/5/12
  • 2016 DARPA Cyber Grand Challenge CFE, ranked #2 in attack.
  • 2015 DARPA Cyber Grand Challenge CQE, ranked #1 in defense.
  • 2012 Microsoft BlueHat Prize Contest's Special Recognition Award.
  • 2017 5nd place in Defcon CTF 2017
  • 2016 2nd place in Defcon CTF 2016
  • 2015 5th place in Defcon CTF 2015
  • Publications

    Conferences

    1. Towards Efficient Heap Overflow Discovery [PDF]
      Xiangkun Jia, Chao Zhang, Purui Su, Yi Yang, Huafeng Huang, Dengguo Feng
      In the 26th {USENIX} Security Symposium ({USENIX} Security 17), Vancouver, BC, Aug 2017
    2. VTrust: Regaining Trust on Virtual Calls [PDF]
      Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, Dawn Song
      In the Network and Distributed System Security Symposium (NDSS'16), San Diego, CA, Feb 2016
    3. VTint: Protecting Virtual Function Tables’ Integrity [pdf] [slides]
      Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, Dawn Song
      In the Network and Distributed System Security Symposium (NDSS'15), San Diego, CA, Feb 2015
    4. Exploiting and Protecting Dynamic Code Generation [pdf]
      Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, David Melski
      In the Network and Distributed System Security Symposium (NDSS'15), San Diego, CA, Feb 2015
    5. JITScope: Protecting Web Users from Control-Flow Hijacking Attacks
      Chao Zhang, Mehrdad Niknami, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn Song
      In the 34th Annual IEEE International Conference on Computer Communications (InfoCom'15), Hong Kong, China, April 2015
    6. UAFChecker: Scalable Static Detection of Use-After-Free Vulnerabilities (poster)
      Jiayi Ye, Chao Zhang, Xinhui Han
      In the 21st ACM Conference on Computer and Communications Security (CCS'14), Scottsdale, Arizona, Nov 2014
    7. PHPGate: A Practical White-Delimiter-Tracking Protection against SQL-Injection for PHP (poster)
      Lihua Zhang, Yu Ding, Chao Zhang, Lei Duan, Zhaofeng Chen, Tao Wei, Xinhui Han
      In the 24th USENIX Security Symposium, San Diego, CA, Aug 2014
    8. The Store-and-Flood Distributed Reflective Denial of Service Attack
      Bingshuang Liu, Skyler Berg, Jun Li, Tao Wei, Chao Zhang, Xinhui Han
      In the 23rd International Conference on Computer Communications and Networks (ICCCN‘14), Shanghai, China, Aug 2014
    9. Android Low Entropy Demystified
      Yu Ding, Zhuo Peng, Yuanyuan Zhou, Chao Zhang
      In IEEE International Conference on Communications (ICC’14), Sydney, Australia, June 2014
    10. Unider: Exploit Attack Emulator Armed with State-of-Art Exploit Techniques (poster)
      Yu Ding, Chao Zhang, Tao Wei
      In the Network and Distributed System Security Symposium (NDSS'14), San Diego, CA, Feb 2014
    11. Splider: A Split-based Crawler of the BT-DHT Network and its Applications
      Bingshuang Liu, Shidong Wu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang, Yu Chen, Chen Li
      In the 11th Annual IEEE Consumer Communications & Networking Conference (CCNC'14), Las Vegas, Nevada, Jan 2014
    12. Practical Control Flow Integrity & Randomization for Binary Executables [PDF] [slides]
      Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, Wei Zou.
      In the 34th IEEE Symposium on Security & Privacy (Oakland'13), San Francisco, CA, May 2013.
    13. Protecting Function Pointers in Binary
      Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, Laszlo Szekeres.
      In the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS'13), Hangzhou, China, May 2013.
    14. LinkTrust: A Phishing Detection Method Depending on the PageRank (in Chinese)
      Lihua Zhang, Tao Wei, Kun Li, Jian Mao, Chao Zhang, Wei Zou.
      In the 5th Conference on Vulnerability Analysis and Risk Assessment (VARA'12), Shanghai, China, Dec, 2012.
    15. FPGate: The Last Building Block For A Practical CFI Solution [PDF]
      Tao Wei, Chao Zhang, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song.
      Technical Report for Microsoft BlueHat Prize Contest, Apr. 2012.
    16. A Framework to Eliminate Backdoors from Response Computable Authentication [PDF]
      Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Wei Zou, Zhenkai Liang.
      In the 33rd IEEE Symposium on Security and Privacy (Oakland'12), San Francisco, CA, May 2012.
    17. IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time [PDF]
      Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, Wei Zou.
      In the 15th European Symposium on Research in Computer Security (ESORICS'10), Athens, Greece, Sep. 2010.

    Journals

    1. SQL injection prevention based on sensitive characters. (in Chinese)
      Huilin Zhang, Yu Ding, Lihua Zhang, Lei Duan, Chao Zhang, Tao Wei, Guancheng Li, Xinhui Han
      In Journal of Computer Research and Development Vol. 53, No. 10, Oct. 2016
    2. Accurate and Efficient Exploit Capture and Classification
      Yu Ding, Tao Wei, Hui Xue, Yulong Zhang, Chao Zhang, Xinhui Han
      In SCIENCE CHINA Information Sciences (SCIS), Vol. 60, No. 5, 2016
    3. SF-DRDoS: The store-and-flood distributed reflective denial of service attack
      Bingshuang Liu, Jun Li, Tao Wei, Skyler Berg, Jiayi Ye, Chen Li, Chao Zhang , Jianyu Zhang, Xinhui Han
      In Computer Communications, Vol. 69, Sep. 2015
    4. Improving lookup reliability in Kad
      Bingshuang Liu, Tao Wei, Chao Zhang , Jun Li, Jianyu Zhang
      In Peer-to-Peer Networking and Applications, Vol. 8, Issue 1, Jan. 2015
    5. Using Type Analysis in Compiler to Eliminate Integer-Overflow-to-Buffer-Overflow Threat.[PDF]
      Chao Zhang, Wei Zou, Tielei Wang, Yu Chen, Tao Wei.
      In Journal of Computer Security (JCS), Vol. 19, No. 6, Dec. 2011

    Professional Service

    Program Commitee for:
  • Cyber Security Experimentation and Test (CSET'17)

  • Student/Shadow PC for:
  • IEEE Symposium on Security and Privacy (Oakland'16)

  • Editor for:
  • Journal of Cyber Security

  • Reviewer for journals:
  • Transactions on Information Forensics & Security (TIFS)
  • Transactions on Dependable and Secure Computing (TDSC)
  • Journal of Computer Security (JCS)
  • Software: Practice and Experience (SPE)
  • Computing Journal (COMP)
  • ACM Computing Surveys
  • Journal of Cyber Security
  • Journal Of Software (in Chinese)

  • Reviewer for conferences:
  • International Symposium on Research in Attacks, Intrusions and Defenses (RAID'17)
  • Cyber Security Experimentation and Test (CSET'17)
  • International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'16)
  • ACM Conference on Computer and Communications Security (CCS'14)
  • 4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM'14)
  • 34th IEEE Symposium on Security & Privacy (Oakland'13)
  • Annual Network & Distributed System Security Symposium (NDSS'13, '16).
  • 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS'13).
  • 5th Conference on Vulnerability Analysis and Risk Assessment (VARA 2012), in Chinese.
  • Bug List

    bugs

    Open Source Projects

  • libproton: Make porting easy from Python to C++11
  • Resources

  • Computer Security Conference Ranking and Statistic
  • Statistics of Top 4 System Security Conferences
  • Top Authors in Top4 Conferences
  • Networking Conferences Statistics
  • Compiler Conferences and Workshops
  • Operating Systems Conferences
  • Recommended network/information security conferences/journals by CCF (Chinese)



  • Last updated: Sep 2017.