I’m a 3rd-year PhD student in Computer Science & Engineering at the University of Washington, Seattle. My current focus is on building new software defenses to make computing devices more secure. My research interest is in the intersection of security, programming languages, and systems.
I received my B.S. in Electrical Engineering and Computer Science from the University of California, Berkeley in 2012. As an undergrad, I worked with Prof. Dawn Song on binary analysis (BitBlaze) and Android security.
I was born and grew up in Shanghai, China before I moved to the U.S. with my family in 2004. My favorite TV shows are Dr. Who, Life on Mars, Star Trek, Top Gear and House MD. I am also a big fan of documentaries ranging from Theology to Quantum Physics.
Here is my resume.
Contextual Policy Enforcement in Android Applications with Permission Event Graph
Kevin Zhijie Chen, Noah Johnson, Vijay D’Silva, Shuaifu Dai, Kyle MacNamara, Tom Magrino, Edward XueJun Wu, Martin Rinard and Dawn Song. In Proceedings of the 20th Annual Network and Distributed System Security Symposium, (NDSS’13), San Diego, February 24-27, 2013. [pdf]
Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications
Steve Hanna, Ling Huang, Edward Wu, Saung Li, Charles Chen and Dawn Song. In Proceedings of the 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Jul 2012. [pdf]
FreeMarket: Shopping for free in Android applications
Daniel Reynaud, Richard Shin, Tom Magrino, Edward Wu and Dawn Song. In Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS), Feb 2012. (short paper) [pdf]
MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery
Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward XueJun Wu and Dawn Song. In Proceedings of the 20th USENIX Security Symposium (USENIX Security ’11), San Francisco, California. [pdf]
• University of Washington, Seattle: Sep. 2012 – Present
PhD student in Computer Science and Engineering
• University of California, Berkeley: Aug. 2008 – May 2012
Bachelor of Science in Electrical Engineering and Computer Science
Certificate in Engineering Leadership from Center for Entrepreneurship & Technology
• Summer Intern at Intel Labs (Jun. 2014 – Sep. 2014)
– Anti-Malware Intelligence, Security and Privacy Research
– Built a static instrumentation framework for Dalvik bytecode that allows arbitrary code injection into and modification of existing pre-compiled Android applications
– Developed a portable, runtime-environment-agnostic monitoring system for recording Android apps’ detailed runtime behaviors in both Dalvik and native code
– Performed in-depth analysis of leading Android application packing (code-obfuscation) tools
– Built a prototype of automated GUI exploration system for Android applications
• Summer Intern at Qualcomm Research (Jun. 2012 – Sep. 2012)
– Qualcomm Product Security Initiative
– Built a fully working runtime memory monitoring tool, based on Address Sanitizer, for Qualcomm’s proprietary Hexagon ISA and real-time OS.
– Provides the ability to detect stack, heap and global out-of-bounds memory accesses and use-after-free bugs in code running on Qualcomm’s basebands, with virtually no false positives or negatives.
– Reimplemented many low-level interfaces in Address Sanitizer, modified the LLVM instrumentation pass and submitted an LLVM back-end patch during the implementation.
• Undergraduate Research Assistant, PI: Prof. Dawn Song (Sep. 2009 – Present)
– Served as a member of BitBlaze and DroidBlaze research project groups.
– Collaborated in the development of new program analysis and machine learning platforms to enhance, verify and analyze the security of Android apps.
– Worked on combining model-inference techniques with a symbolic execution tool to analyze and infer the model of network-interfaced programs, while at the same time exploring code paths to find vulnerabilities.
– Contributed to the discovery or analysis of 7 novel vulnerabilities.
A list of bug findings that I have worked on:
OSVDB-66497: Cutwail Bot C&C Parsing Remote Overflow
OSVDB-66501: Zbot Trojan C&C Decompression Remote Overflow
CVE-2011-0904: Vino Wild Write
CVE-2011-0905: Vino Out-of-bounds Read
CVE-2011-0906: Vino Infinite Loop
CVE-2011-0907: RealVNC Out-of-bounds Write
CVE-2011-1909: Null Pointer Dereference in Windows kernel-mode driver