I am an applied scientist at Amazon Web Services, working on GenAI for security. I earned my Ph.D. in the Department of Electrical and Computer Engineering at The University of Texas at Austin, supervised by Prof. Mohit Tiwari. I was also working closely with Prof. Sarfraz Khurshid. My research interests mainly lie in software security, automated reasoning, machine learning, and software engineering. Before my Ph.D. at UT Austin, I was working with Prof. Abhik Roychoudhury at National University of Singapore, and Prof. John C.S. Lui at The Chinese University of Hong Kong. I received my bachelor's and master's degrees with honors from Xi'an Jiaotong University.
Addressing privilege escalations in cloud access control configurations is crucial for improving security assurance for cloud customers. However, the area of repairing IAM privilege escalations due to IAM misconfigurations is relatively underexplored. To secure cloud access control, we propose a novel IAM Privilege Escalation Repair Engine called IAMPERE that utilizes MaxSAT and Graph Neural Networks to efficiently generate an approximately minimal patch for repairing a broader range of privilege escalations.
Alloy is a mature tool-set that provides first-order relational logic for writing specifications, and a fully automatic powerful backend for analyzing the specifications. Symmetry breaking is a useful approach for pruning the search space to efficiently check the satisfiability of combinatorial problems. We present an approach called SymMC, which utilizes the symmetry information to improve the efficiency of model enumeration and counting for Alloy specifications.
Access control is essential for Operating System (OS) security. Incorrect implementation of access control can introduce new attack surfaces to the OS, known as Kernel Access Control Vulnerabilities (KACVs). To solve this problem, we propose a precise, scalable hybrid analysis approach called ACHyb to detect KACVs due to missing or misused permission checks.
Our project aims at automatically repairing severely incorrect programs given at least one reference program. This is achieved by conducting software refactoring on reference programs to generate diverse correct programs, which are then used to facilitate block-level patch synthesis. Our approach has been applied to intelligent tutoring for programming education.