Publications
[VMCAI-25] Yuncheng Wang, Puzhuo Liu, Yaowen Zheng, Dongliang Fang, Zhiwen Pan, Shuaizong Si, Weidong Zhang and Limin Sun, Automated Flaw Detection for Industrial Robot RESTful Service. International Conference on Verification, Model Checking and Abstract Interpretation, 2025 (CCF-B).
[ISSTA-24] Cen Zhang, Yaowen Zheng*, Mingqiang Bai, Yeting Li, Wei Ma, Xiaofei Xie, Yuekang Li, Limin Sun, Yang Liu. How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation. The ACM SIGSOFT International Symposium on Software Testing and Analysis, 2024 (CCF-A).
[ASPLOS-24] Puzhuo Liu, Yaowen Zheng*, Chengnian Sun, Chuan Qin, Dongliang Fang, Mingdong Liu, Limin Sun. FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware. 29th International Conference on Architectural Support for Programming Languages and Operating Systems, 2024 (CCF-A).
[TOSEM-24] Puzhuo Liu, Yaowen Zheng*, Chengnian Sun, Hong Li, Zhi Li, Limin Sun. Battling against Protocol Fuzzing: Protecting Networked Embedded Devices from Dynamic Fuzzers. ACM Transactions on Software Engineering and Methodology, 2024 (CCF-A).
[WWW-24] Zhengjie Du, Yuekang Li#, Yaowen Zheng*, Xiaohan Zhang, Cen Zhang, Yi Liu, Sheikh Mahbub Habib, Xinghua Li, Linzhang Wang, Yang Liu, Bing Mao. Medusa: Unveil Memory Exhaustion DoS Vulnerabilities in Protocol Implementations. Proceedings of the ACM Web Conference, 2024 (CCF-A).
[TOSEM-24] Puzhuo Liu, Chengnian Sun, Yaowen Zheng, Xuan Feng, Chuan Qin, Yuncheng Wang, Zhenyang Xu, Zhi Li, Peng Di, Yu Jiang, Limin Sun. LLM-Powered Static Binary Taint Analysis. ACM Transactions on Software Engineering and Methodology, 2024 (CCF-A).
[ACM Comput Surv-24] Xiaohan Zhang, Cen Zhang, Xinghua Li, Zhengjie Du, Bing Mao, Yuekang Li, Yaowen Zheng, Yeting Li, Li Pan, Yang Liu, Robert H. Deng, A Survey of Protocol Fuzzing. ACM Computing Surveys, 2024, 57(2): 1-36 (IF>20).
[TOSEM-24] Zhihao Lin, Wei Ma, Tao Lin, Yaowen Zheng, Jingquan Ge, Jun Wang, Jacques Klein, Tegawende Bissyande, Yang Liu, Li Li, Open-Source AI-based SE Tools: Opportunities and Challenges of Collaborative Software Learning. ACM Transactions on Software Engineering and Methodology, 2024 (CCF-A).
[SEA4DQ-24] Yi Liu, Gelei Deng, Zhengzi Xu, Yuekang Li, Yaowen Zheng, Ying Zhang, Lida Zhao, Tianwei Zhang, Kailong Wang, A Hitchhiker’s Guide to Jailbreaking ChatGPT via Prompt Engineering. Proceedings of the 4th International Workshop on Software Engineering and AI for Data Quality in Cyber-Physical Systems/Internet of Things.
[ESE-24] Dongming Xiang, Yuanchang Lin, Liming Nie, Yaowen Zheng, Zhengzi Xu, Zuohua Ding, Yang Liu. An empirical study of attack-related events in DeFi projects development. Empirical Software Engineering, 2024 (CCF-B).
[ISSTA-23] Kai Cheng, Yaowen Zheng*, Tao Liu, Le Guan, Peng Liu, Hong Li, Hongsong Zhu, Kejiang Ye, Limin Sun. Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2023 (CCF-A).
[USENIX SEC-23] Cen Zhang, Yuekang Li, Hao Zhou, Xiaohan Zhang, Yaowen Zheng, Xian Zhan, Xiaofei Xie, Xiapu Luo, Xinghua Li, Yang Liu and Sheikh Mahbub Habib. Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation. In Proceedings of the 32nd USENIX Security Symposium, 2023 (CCF-A).
[DATE-23] Jingquan Ge, Yuekang Li, Yang Liu, Yaowen Zheng, Yi Liu and Lida Zhao, PumpChannel: An Efficient and Secure Communication Channel for Trusted Execution Environment on ARM-FPGA Embedded SoC. Design, Automation and Test in Europe Conference, 2023 (CCF-B).
[Computers & Security-23] Chuan Qin, Jiaqian Peng, Puzhuo Liu, Yaowen Zheng, Kai Cheng, Weidong Zhang, and Limin Sun. UCRF: Static Analyzing Firmware to Generate Under-constrained Seed for Fuzzing SOHO Router. Computers & Security, 2023 (CCF-B).
[ISSTA-22] Yaowen Zheng, Yuekang Li, Cen Zhang, Hongsong Zhu, Yang Liu, Limin Sun. Efficient Greybox Fuzzing of Applications in Linux-based IoT Devices via Enhanced User-mode Emulation. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2022 (CCF-A).
[JSA-22] Puzhuo Liu, Yaowen Zheng, Zhanwei Song, Dongliang Fang, Shichao Lv and Limin Sun. Fuzzing proprietary protocols of programmable controllers to find vulnerabilities that affect physical control. In Journal of Systems Architecture, 2022 (CCF-B).
[CSCS-22] Jingquan Ge, Yuekang Li, Yaowen Zheng, Yang Liu, Sheikh Mahbub Habib. More Secure Collaborative APIs resistant to Flush-Based Cache Attacks on Cortex-A9 Based Automotive System. In Proceedings of the 6th ACM Computer Science in Cars Symposium, 2022.
[WASA-22] Mengjie Sun, Ke Li, Yaowen Zheng, Weidong Zhang, Hong Li, Limin Sun. Inferring Device Interactions for Attack Path Discovery in Smart Home IoT. International Conference on Wireless Algorithms, Systems, and Applications, 2022.
[ACNS-22] Yue Sun, Shichao Lv, Jianzhou You, Yuyan Sun, Xin Chen, Yaowen Zheng, Limin Sun. IPSpex: Enabling Efficient Fuzzing via Specification Extraction on ICS Protocol. In International Conference on Applied Cryptography and Network Security (ACNS), 2022.
[IOT-22] Wei Zhou, Chen Cao, Dongdong Huo, Kai Cheng, Lan Zhang, Le Guan, Tao Liu, Yan Jia, Yaowen Zheng, Yuqing Zhang, Limin Sun, Yazhe Wang, Peng Liu. Reviewing IoT Security via Logic Bugs in IoT Platforms and Systems. In IEEE Internet of Things Journal, 2021.
[ACSAC-21] Dongliang Fang, Zhanwei Song, Le Guan, Puzhuo Liu, Anni Peng, Kai Cheng, Yaowen Zheng, Peng Liu, Hongsong Zhu and Limin Sun. ICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by Fuzzing. In Annual Computer Security Applications Conference, 2021 (CCF-B).
[SEC-21] Kai Cheng, Dongliang Fang, Chuan Qin, Huizhao Wang, Yaowen Zheng, Nan Yu, Limin Sun, Automatic Inference of Taint Sources to Discover Vulnerabilities in SOHO Router Firmware. In ICT Systems Security and Privacy Protection, 2021.
[ACNS-20] Qian Chen, Kai Cheng, Yaowen Zheng, Hongsong Zhu, Limin Sun. Function-level Data Dependence Graph and its Application in Static Vulnerability Analysis. In Journal of Software, 2020.
[USENIX SEC-19] Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, Limin Sun. FIRM-AFL: High-throughput greybox fuzzing of IoT firmware via augmented process emulation. In USENIX Security Symposium, 2019 (CCF-A).
[IPCCC-19] Yaowen Zheng, Zhanwei Song, Yuyan Sun, Kai Cheng, Hongsong Zhu, and Limin Sun. An Efficient Greybox Fuzzing Scheme for Linux-based IoT Programs Through Binary Static Analysis. In Proceedings of 38th International Performance Computing and Communications Conference, 2019.
[Journal of Cyber Security-19] Yaowen Zheng, Hui Wen, Kai Cheng, Zhanwei Song, Hongsong Zhu, Limin Sun, A Survey of IoT Device Vulnerability Mining Techniques. In Journal of Cyber Security, 2019.
[DSN-18] Kai Cheng, Qiang Li, Lei Wang, Qian Chen, Yaowen Zheng, Limin Sun, Zhenkai Liang. Detecting the Taint-Style Vulnerability in Embedded Device Firmware. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2018 (CCF-B).
[ICICS-16] Yaowen Zheng, Kai Cheng, Zhi Li, Shiran Pan, Hongsong Zhu, and Limin Sun. A Lightweight Method for Accelerating Discovery of Taint-Style Vulnerabilities in Embedded Systems. In Proceedings of the 18th International Conference on Information and Communications Security, 2016.