Yang Hu

Yang Hu

Email: huyang@utexas.edu

Applied Scientist at Amazon Web Services
PhD at The University of Texas at Austin

Yang Hu

huyang@utexas.edu
Scientist @ AWS, PhD @ UT Austin

About Me


I am an applied scientist at Amazon Web Services, working on GenAI for security. I earned my Ph.D. in the Department of Electrical and Computer Engineering at The University of Texas at Austin supervised by Prof. Mohit Tiwari. I was also working closely with Prof. Sarfraz Khurshid. My research interests mainly lie in software security, automated reasoning, machine learning, and software engineering. Before Ph.D. at UT Austin, I was working with Prof. Abhik Roychoudhury at National University of Singapore, and Prof. John C.S. Lui at The Chinese University of Hong Kong. I received my bachelor's and master's degrees with honors from Xi'an Jiaotong University.

News


  • [July 2024] I was invited to serve as a reviewer in AAAI'25.
  • [May 2024] I was invited to serve as a reviewer in NeurIPS'24.
  • [March 2024] I was invited to give a talk in UIUC ACE Center for Evolvable Computing.
  • [January 2024] Our NeuroBack paper about using GNN to accelerate SAT solving has been accepted by ICLR'24 (acceptance rate: 31%).
  • [October 2023] Our DataBack dataset (with 120,286 SAT formulas and backbone variable phases) has been released on HuggingFace.
  • [August 2023] Our paper on fixing privilege escalations in cloud access control has been accepted by ASE'23 (acceptance rate: 21%).
  • [August 2023] I was invited to serve as a reviewer in AAAI'24.
  • [May 2023] I joined the artifact evaluation committee in PLDI'23.
  • [May 2023] I rejoined AWS Automated Reasoning Group for summer internship.
  • [January 2023] I was invited to give a talk in Intel Labs.
  • [June 2022] Our paper about model enumeration and counting using symmetry information has been accepted by ESEC/FSE'22 (acceptance rate: 22%).
  • [May 2022] I joined AWS Automated Reasoning Group as an applied science summer intern.
  • [December 2021] Our paper about synthesizing machine learning pipelines has been accepted by ICSE'22 (acceptance rate: 26%).

Publications


  1. Interactive Greybox Penetration Testing for Cloud Access Control using IAM Modeling and Deep Reinforcement Learning
    Yang Hu*, Wenxi Wang*, Sarfraz Khurshid, Mohit Tiwari
    arXiv preprint
    Paper
  2. NeuroBack: Improving CDCL SAT Solving using Graph Neural Networks
    Wenxi Wang, Yang Hu, Mohit Tiwari, Sarfraz Khurshid, Ken McMillan, Risto Miikkulainen
    The 12th International Conference on Learning Representations (ICLR'24)
    Paper Data
  3. Fixing Privilege Escalations in Cloud Access Control with MaxSAT and Graph Neural Networks
    Yang Hu*, Wenxi Wang*, Sarfraz Khurshid, Ken McMillan, Mohit Tiwari
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23)
    Paper Code Slides
  4. SymMC: Approximate Model Enumeration and Counting Using Symmetry Information for Alloy Specifications
    Wenxi Wang, Yang Hu, Ken McMillan, Sarfraz Khurshid
    The 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE'22)
    Paper Code
  5. SapientML: Synthesizing Machine Learning Pipelines by Learning from Human-Written Solutions
    Ripon Saha, Akira Ura, Sonal Mahajan, Chenguang Zhu, Linyi Li, Yang Hu, Hiroaki Yoshida, Sarfraz Khurshid, Mukul R. Prasad
    The 44th International Conference on Software Engineering (ICSE'22)
    Note: work done during the internship at Fujitsu Research of America - AI Lab
    Paper Code
  6. ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities
    Yang Hu, Wenxi Wang, Casen Hunger, Riley Wood, Sarfraz Khurshid, Mohit Tiwari
    The 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE'21)
    Paper Code
  7. Re-factoring based Program Repair applied to Programming Assignments
    Yang Hu, Umair Z. Ahmed, Sergey Mechtaev, Ben Leong, Abhik Roychoudhury
    The 34th IEEE/ACM International Conference on Automated Software Engineering (ASE'19)
    Paper Code Data
  8. Exploiting Non-Uniform Program Execution Time to Evade Record/Replay Forensic Analysis
    Yang Hu, Mingshen Sun, John C.S. Lui
    Journal of Computers & Security. Elsevier, Apr. 2019.
    Paper
  9. Taming Energy Cost of Disk Encryption Software on Data-Intensive Mobile Devices
    Yang Hu, John C.S. Lui, Wenjun Hu, Xiaobo Ma, Jianfeng Li, Xiao Liang
    Journal of Future Generation Computer Systems. Elsevier, Sep. 2017.
    Paper

Featured Projects


IAMPERE

Repairing Privilege Escalations in Cloud Access Control

Addressing privilege escalations in cloud access control configurations is crucial for improving security assurance for cloud customers. However, the area of repairing IAM privilege escalations due to IAM misconfigurations is relatively underexplored. To secure cloud access control, we propose a novel IAM Privilege Escalation Repair Engine called IAMPERE that utilizes MaxSAT and Graph Neural Networks to efficiently generates an approximately minimal patch for repairing a broader range of privilege escalations.

SYMMC SYMMC2

Model Enumeration and Counting with Symmetry Information for Alloy Spec.

Alloy is a mature tool-set that provides first-order relational logic for writing specifications, and a fully automatic powerful backend for analyzing the specifications. Symmetry breaking is a useful approach for pruning the search space to efficiently check the satisfiability of combinatorial problems. We present an approach called SymMC, which utilizes the symmetry information to improve the efficiency of model enumeration and counting for Alloy specifications.

ACHYB

Detecting Access Control Vulnerabilities in Linux Kernel

Access control is essential for the Operating System (OS) security. Incorrect implementation of access control can introduce new attack surfaces to the OS, known as Kernel Access Control Vulnerabilities (KACVs). To solve this problem, we propose a precise, scalable hybrid analysis approach called ACHyb to detect KACVs due to missing or misusing permission checks.

REFACYOTY

Automated Program Repair for Introductory Programming Assignments

Our project aims at automatically repairing severely incorrect programs given at least one reference program. This is achieved by conducting software refactoring on reference programs to generate diverse correct programs, which are then used to facilitate block-level patch synthesis. Our approach has been applied to intelligent tutoring for programming education.

Academic Services