About Me

I am an applied scientist at Amazon Web Services, working on GenAI for security. I earned my Ph.D. in the Department of Electrical and Computer Engineering at The University of Texas at Austin supervised by Prof. Mohit Tiwari. I was also working closely with Prof. Sarfraz Khurshid. My research interests mainly lie in software security, automated reasoning, machine learning, and software engineering. Before Ph.D. at UT Austin, I was working with Prof. Abhik Roychoudhury at National University of Singapore, and Prof. John C.S. Lui at The Chinese University of Hong Kong. I received my bachelor's and master's degrees with honors from Xi'an Jiaotong University.

News

Publications

1. Interactive Greybox Penetration Testing for Cloud Access Control using IAM Modeling and Deep Reinforcement Learning
   Yang Hu*, Wenxi Wang*, Sarfraz Khurshid, Mohit Tiwari
   arXiv preprint
   Paper
2. NeuroBack: Improving CDCL SAT Solving using Graph Neural Networks
   Wenxi Wang, Yang Hu, Mohit Tiwari, Sarfraz Khurshid, Ken McMillan, Risto Miikkulainen
   The 12th International Conference on Learning Representations (ICLR'24)
   Paper Data
3. Fixing Privilege Escalations in Cloud Access Control with MaxSAT and Graph Neural Networks
   Yang Hu*, Wenxi Wang*, Sarfraz Khurshid, Ken McMillan, Mohit Tiwari
   The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23)
   Paper Code Slides
4. SymMC: Approximate Model Enumeration and Counting Using Symmetry Information for Alloy Specifications
   Wenxi Wang, Yang Hu, Ken McMillan, Sarfraz Khurshid
   The 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE'22)
   Paper Code
5. SapientML: Synthesizing Machine Learning Pipelines by Learning from Human-Written Solutions
   Ripon Saha, Akira Ura, Sonal Mahajan, Chenguang Zhu, Linyi Li, Yang Hu, Hiroaki Yoshida, Sarfraz Khurshid, Mukul R. Prasad
   The 44th International Conference on Software Engineering (ICSE'22)
   Note: work done during the internship at Fujitsu Research of America - AI Lab
   Paper Code
6. ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities
   Yang Hu, Wenxi Wang, Casen Hunger, Riley Wood, Sarfraz Khurshid, Mohit Tiwari
   The 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE'21)
   Paper Code
7. Re-factoring based Program Repair applied to Programming Assignments
   Yang Hu, Umair Z. Ahmed, Sergey Mechtaev, Ben Leong, Abhik Roychoudhury
   The 34th IEEE/ACM International Conference on Automated Software Engineering (ASE'19)
   Paper Code Data
8. Exploiting Non-Uniform Program Execution Time to Evade Record/Replay Forensic Analysis
   Yang Hu, Mingshen Sun, John C.S. Lui
   Journal of Computers & Security. Elsevier, Apr. 2019.
   Paper
9. Taming Energy Cost of Disk Encryption Software on Data-Intensive Mobile Devices
   Yang Hu, John C.S. Lui, Wenjun Hu, Xiaobo Ma, Jianfeng Li, Xiao Liang
   Journal of Future Generation Computer Systems. Elsevier, Sep. 2017.
   Paper

Featured Projects

Repairing Privilege Escalations in Cloud Access Control

Addressing privilege escalations in cloud access control configurations is crucial for improving security assurance for cloud customers. However, the area of repairing IAM privilege escalations due to IAM misconfigurations is relatively underexplored. To secure cloud access control, we propose a novel IAM Privilege Escalation Repair Engine called IAMPERE that utilizes MaxSAT and Graph Neural Networks to efficiently generates an approximately minimal patch for repairing a broader range of privilege escalations.

Model Enumeration and Counting with Symmetry Information for Alloy Spec.

Alloy is a mature tool-set that provides first-order relational logic for writing specifications, and a fully automatic powerful backend for analyzing the specifications. Symmetry breaking is a useful approach for pruning the search space to efficiently check the satisfiability of combinatorial problems. We present an approach called SymMC, which utilizes the symmetry information to improve the efficiency of model enumeration and counting for Alloy specifications.

Detecting Access Control Vulnerabilities in Linux Kernel

Access control is essential for the Operating System (OS) security. Incorrect implementation of access control can introduce new attack surfaces to the OS, known as Kernel Access Control Vulnerabilities (KACVs). To solve this problem, we propose a precise, scalable hybrid analysis approach called ACHyb to detect KACVs due to missing or misusing permission checks.

Automated Program Repair for Introductory Programming Assignments

Our project aims at automatically repairing severely incorrect programs given at least one reference program. This is achieved by conducting software refactoring on reference programs to generate diverse correct programs, which are then used to facilitate block-level patch synthesis. Our approach has been applied to intelligent tutoring for programming education.

Academic Services