Yang Hu

Applied Scientist @ AWS PhD @ UT Austin huyang@utexas.edu

About

I am an applied scientist at Amazon Web Services, working on Agentic AI for security. I earned my Ph.D. in the Department of Electrical and Computer Engineering at The University of Texas at Austin, supervised by Prof. Mohit Tiwari. I also worked closely with Prof. Sarfraz Khurshid. My research interests mainly lie in software security, automated reasoning, machine learning, and software engineering. Before UT Austin, I worked with Prof. Abhik Roychoudhury at NUS, and Prof. John C.S. Lui at CUHK. I received my bachelor’s and master’s degrees with honors from Xi’an Jiaotong University.

News

No matching news items. Try a different keyword or choose “All”.

Dec 2025

Launch AWS Security Agent (Preview) has been launched! ( Video )
Aug 2024

Role Joined AWS as a full-time applied scientist.
Jul 2024

Service Invited reviewer at AAAI’25.
Jul 2024

Degree Doctoral defense passed!
May 2024

Service Invited reviewer at NeurIPS’24.
Mar 2024

Talk Invited talk at UIUC ACE Center for Evolvable Computing.
Jan 2024

Paper NeuroBack paper accepted by ICLR’24 (acceptance rate: 31%).
Oct 2023

Data DataBack dataset released on HuggingFace.

Show older news

Aug 2023

Paper Paper accepted by ASE’23 (acceptance rate: 21%).
Aug 2023

Service Invited reviewer at AAAI’24.
May 2023

Service Artifact evaluation committee at PLDI’23.
May 2023

Role Rejoined AWS Automated Reasoning Group for summer internship.
Jan 2023

Talk Invited talk at Intel Labs.
Jun 2022

Paper Paper accepted by ESEC/FSE’22 (acceptance rate: 22%).
May 2022

Role Joined AWS Automated Reasoning Group as an applied science summer intern.
Dec 2021

Paper Paper accepted by ICSE’22 (acceptance rate: 26%).

Publications

Efficient IAM Greybox Penetration Testing

Yang Hu*, Wenxi Wang*, Sarfraz Khurshid, Mohit Tiwari

arXiv preprint

Paper

NeuroBack: Improving CDCL SAT Solving using Graph Neural Networks

Wenxi Wang, Yang Hu, Mohit Tiwari, Sarfraz Khurshid, Ken McMillan, Risto Miikkulainen

ICLR 2024

Paper Data

Fixing Privilege Escalations in Cloud Access Control with MaxSAT and Graph Neural Networks

Yang Hu*, Wenxi Wang*, Sarfraz Khurshid, Ken McMillan, Mohit Tiwari

ASE 2023

Paper Code Slides

SymMC: Approximate Model Enumeration and Counting Using Symmetry Information for Alloy Specifications

Wenxi Wang, Yang Hu, Ken McMillan, Sarfraz Khurshid

ESEC/FSE 2022

Paper Code

SapientML: Synthesizing Machine Learning Pipelines by Learning from Human-Written Solutions

Ripon Saha, Akira Ura, Sonal Mahajan, Chenguang Zhu, Linyi Li, Yang Hu, Hiroaki Yoshida, Sarfraz Khurshid, Mukul R. Prasad

ICSE 2022 • work done during internship at Fujitsu Research of America - AI Lab

Paper Code

ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities Artifacts Available Badge Artifacts Evaluated Badge

Yang Hu, Wenxi Wang, Casen Hunger, Riley Wood, Sarfraz Khurshid, Mohit Tiwari

ESEC/FSE 2021

Paper Code

Re-factoring based Program Repair applied to Programming Assignments

Yang Hu, Umair Z. Ahmed, Sergey Mechtaev, Ben Leong, Abhik Roychoudhury

ASE 2019

Paper Code Data

Exploiting Non-Uniform Program Execution Time to Evade Record/Replay Forensic Analysis

Yang Hu, Mingshen Sun, John C.S. Lui

Computers & Security (Elsevier), Apr 2019

Paper

Taming Energy Cost of Disk Encryption Software on Data-Intensive Mobile Devices

Yang Hu, John C.S. Lui, Wenjun Hu, Xiaobo Ma, Jianfeng Li, Xiao Liang

Future Generation Computer Systems (Elsevier), Sep 2017

Paper

Featured Projects

Repairing Privilege Escalations in Cloud Access Control

Addressing privilege escalations in cloud access control configurations is crucial for improving security assurance. We propose an IAM Privilege Escalation Repair Engine (IAMPERE) that utilizes MaxSAT and Graph Neural Networks to efficiently generate an approximately minimal patch for repairing a broader range of privilege escalations.

Cloud Security Identity & Access Management (IAM) MaxSAT Graph Neural Network (GNN)

Model Enumeration and Counting with Symmetry for Alloy

Alloy provides first-order relational logic for writing specs with an automatic backend for analysis. We present SymMC, which leverages symmetry information to improve the efficiency of model enumeration and counting for Alloy specifications.

Alloy Symmetry Breaking Model Counting Automated Reasoning

Detecting Access Control Vulnerabilities in the Linux Kernel

Incorrect access control implementation can introduce Kernel Access Control Vulnerabilities (KACVs). We propose ACHyb, a precise and scalable hybrid analysis approach to detect KACVs due to missing or misused permission checks.

Kernel Security Access Control Hybrid Analysis

Automated Program Repair for Introductory Programming Assignments

We repair severely incorrect programs given at least one reference solution by refactoring reference programs to generate diverse correct variants, enabling block-level patch synthesis. This has been applied to intelligent tutoring for programming education.

Program Repair Refactoring Programming Education

Academic Service

AAAI 2025 Reviewer
NeurIPS 2024 Reviewer
AAAI 2024 Reviewer
ISSTA 2023 Artifact Evaluation Committee
PLDI 2023 Artifact Evaluation Committee
USENIX Security 2023 Artifact Evaluation Committee
ISSTA 2022 Artifact Evaluation Committee
Journal of Information and Software Technology Reviewer