[December 2021] Our paper about synthesizing machine learning pipelines has been accepted by ICSE'22 (acceptance rate: 26%).
Interactive Greybox Penetration Testing for Cloud Access Control using IAM Modeling and Deep Reinforcement Learning
Yang Hu*, Wenxi Wang*, Sarfraz Khurshid, Mohit Tiwari arXiv preprint
NeuroBack: Improving CDCL SAT Solving using Graph Neural Networks
Wenxi Wang, Yang Hu, Mohit Tiwari, Sarfraz Khurshid, Ken McMillan, Risto Miikkulainen arXiv preprint
Fixing Privilege Escalations in Cloud Access Control with MaxSAT and Graph Neural Networks
Yang Hu*, Wenxi Wang*, Sarfraz Khurshid, Ken McMillan, Mohit Tiwari The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23)
SymMC: Approximate Model Enumeration and Counting Using Symmetry Information for Alloy Specifications
Wenxi Wang, Yang Hu, Ken McMillan, Sarfraz Khurshid The 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE'22)
SapientML: Synthesizing Machine Learning Pipelines by Learning from Human-Written Solutions
Ripon Saha, Akira Ura, Sonal Mahajan, Chenguang Zhu, Linyi Li, Yang Hu, Hiroaki Yoshida, Sarfraz Khurshid, Mukul R. Prasad The 44th International Conference on Software Engineering (ICSE'22) Note: work done during the internship at Fujitsu Research of America - AI Lab
ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities
Yang Hu, Wenxi Wang, Casen Hunger, Riley Wood, Sarfraz Khurshid, Mohit Tiwari The 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE'21)
Re-factoring based Program Repair applied to Programming Assignments
Yang Hu, Umair Z. Ahmed, Sergey Mechtaev, Ben Leong, Abhik Roychoudhury The 34th IEEE/ACM International Conference on Automated Software Engineering (ASE'19)
Exploiting Non-Uniform Program Execution Time to Evade Record/Replay Forensic Analysis
Yang Hu, Mingshen Sun, John C.S. Lui Journal of Computers & Security. Elsevier, Apr. 2019.
Taming Energy Cost of Disk Encryption Software on Data-Intensive Mobile Devices
Yang Hu, John C.S. Lui, Wenjun Hu, Xiaobo Ma, Jianfeng Li, Xiao Liang Journal of Future Generation Computer Systems. Elsevier, Sep. 2017.
Repairing Privilege Escalations in Cloud Access Control
Addressing privilege escalations in cloud access control configurations is crucial for improving security assurance for cloud customers. However, repairing the privilege escalations that result from IAM misconfigurations remains relatively underexplored. To secure cloud access control, we propose a novel IAM Privilege Escalation Repair Engine called IAMPERE, which uses MaxSAT and Graph Neural Networks to efficiently generate an approximately minimal patch for repairing a broader range of privilege escalations.
Model Enumeration and Counting with Symmetry Information for Alloy Specifications
Alloy is a mature tool-set that provides first-order relational logic for writing specifications and a powerful, fully automatic backend for analyzing them. Symmetry breaking is a useful approach for pruning the search space to efficiently check the satisfiability of combinatorial problems. We present an approach called SymMC, which uses symmetry information to improve the efficiency of model enumeration and counting for Alloy specifications.
Detecting Access Control Vulnerabilities in Linux Kernel
Access control is essential to Operating System (OS) security. Incorrect implementation of access control can introduce new attack surfaces to the OS, known as Kernel Access Control Vulnerabilities (KACVs). To solve this problem, we propose a precise, scalable hybrid analysis approach called ACHyb to detect KACVs caused by missing or misused permission checks.
Automated Program Repair for Introductory Programming Assignments
Our project aims at automatically repairing severely incorrect programs given at least one reference program. This is achieved by conducting software refactoring on reference programs to generate diverse correct programs, which are then used to facilitate block-level patch synthesis. Our approach has been applied to intelligent tutoring for programming education.