-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.html
213 lines (196 loc) · 11.6 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Qingkai Shi's Homepage</title>
<meta name="keywords" content="Qingkai Shi, QingkaiShi, Pinpoint, Static Code Analyzer, Program Analysis and Testing">
<meta name="viewport" content="initial-scale=1, maximum-scale=3, minimum-scale=1, user-scalable=no">
<link rel="icon" type="image/x-icon" href="images/favicon.ico">
<link href="fontawesome/css/fontawesome.css" rel="stylesheet">
<link href="fontawesome/css/brands.css" rel="stylesheet">
<link href="fontawesome/css/solid.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/jpswalsh/academicons@1/css/academicons.min.css">
<link href="style.css" rel="stylesheet">
<script src="auto.js"></script>
</head>
<body>
<div id="container"> <div id="sidebar">
<img src="images/sqk2.jpg" alt="" title="Miami Beach, FL 2023" width="150">
<h3 style='margin:15px 0 2px 0'>Qingkai Shi, Ph.D.</h3>
Associate Professor<br>
<ul class="author-urls">
<li><i class="fa-solid fa-envelope"></i> <a href="mailto:qingkaishi AT nju DOT edu DOT cn"> Email</a></li>
<li><i class="ai ai-google-scholar-square"></i> <a href="https://scholar.google.com/citations?user=EmSYY1EAAAAJ&hl=en"> Google Scholar</a></li>
<li><i class="ai ai-dblp"></i> <a href="https://dblp.org/pid/145/3943.html"> DBLP</a></li>
<li><i class="fa-brands fa-orcid"></i> <a href="https://orcid.org/0000-0002-8297-8998"> ORCID</a></li>
<li><i class="fa-brands fa-twitter"></i> <a href="https://twitter.com/QingkaiS"> Twitter</a></li>
<li><i class="fa-brands fa-square-github"></i> <a href="https://github.com/qingkaishi"> Github</a></li>
</ul>
<hr/>
<ul class="author-urls">
<li><i class="fa-solid fa-circle-info"></i> <a href="/Publications.html"> Publications</a></li>
<li><i class="fa-solid fa-circle-info"></i> <a href="/Teaching.html"> Teaching</a></li>
<li><i class="fa-solid fa-circle-info"></i> <a href="/CVE.html"> CVE</a></li>
<li><i class="fa-solid fa-circle-info"></i> <a href="/Students.html"> Students</a></li>
<li><i class="fa-solid fa-circle-info"></i> <a href="/Services.html"> Services</a></li>
<li><i class="fa-solid fa-circle-info"></i> <a href="/public_pdfs/CV.pdf"> CV (en/</a><a href="/public_pdfs/CV_Zh.pdf">Zh)</a></li>
</ul>
</div><div id="main">
<h1 style='margin:0 0 10px 0'>Welcome to Qingkai's Homepage</h1>
<div id="content">
<div id="navigation" style="clear:both; margin:0 0 1.5rem 0; display: none">
<hr />
<center>
<p style="font-size:small;"><a href="/Publications.html">Publications</a> | <a
href="https://scholar.google.com/citations?user=EmSYY1EAAAAJ&hl=en">Google
Scholar</a> | <a href="/CVE.html">CVE</a> | <a href="/Teaching.html">Teaching</a> | <a
href="/Students.html">Students</a> | <a href="/Services.html">Services</a> | <a
href="/public_pdfs/CV.pdf">Curriculum Vitae (en/</a><a
href="/public_pdfs/CV_Zh.pdf">Zh)</a></p>
</center>
<hr />
</div>
<div id="ad" style="margin: 0 0 .5rem 0"><u>If you like programming and are
interested in compilers and compiler-based security techniques, drop by Office
518 or send an email for Ph.D. and Master positions or Bachelor's thesis
topics.</u></div>
<div id="ad" style="margin: 0 0 1.5rem 0"><u>Please consider submitting papers
to <a href="https://conf.researchr.org/home/issta-2025">ISSTA'25</a>, <a
href="https://sp2025.ieee-security.org/">SP'25</a>, <a
href="https://www.sigsac.org/ccs/CCS2025/">CCS'25</a>, where Qingkai serves on
the program committee.</u></div>
<div id="bio" style="margin: 0 0 .5rem 0">Qingkai Shi is an associate professor
in the School of Computer Science at Nanjing University. His research focuses on
the use of compiler techniques, especially static program analysis, to
rigorously ensure software security. He has published extensively at premium
venues of programming languages (PLDI, OOPSLA), cybersecurity (SP, CCS), and
software engineering (ICSE, ESEC/FSE). His research received many awards,
including two ACM SIGPLAN Distinguished Paper Awards, two ACM SIGSOFT
Distinguished Paper Awards, a Google Research Paper Reward, and <a
style="color:black" href="/public_pdfs/HKPFS.pdf">the Hong Kong Ph.D.
Fellowship</a>.</div>
<div id="bio" style="margin: 0 0 1.5rem 0">Qingkai obtained his Ph.D. from the
Hong Kong University of Science and Technology. He co-founded Sourcebrella LLC,
where his research was commercialized. He then moved to Ant Group as
Sourcebrella was acquired. Qingkai also enjoyed a wonderful period as a
postdoctoral researcher at Purdue University.</div>
<ul style="margin-right: 5mm;padding-inline-start:18px">
<li style="margin: 0 0 1.5rem 0"><b>Static Analysis for Bug Scanning</b>
<p>Pinpoint is an industrial-strength automated software bug scanner. It has
found hundreds of vulnerabilities with many CVEs in mature systems<a
style="color:black" href="/catapult.html"> <i
class="fa-solid fa-square-up-right fa-xs"></i></a>. It was successfully
commercialized at Sourcebrella LLC, which was acquired by <a style="color:black"
href="https://www.antgroup.com/en">Ant Group</a> in 2020 for improving the
quality of many products such as <a style="color:black"
href="https://global.alipay.com/platform/site/ihome">Alipay</a>, a popular
digital payment app with over a billion monthly active users. Interested readers
can refer to this <a style="color:black" href="/public_pdfs/thesis.pdf">doctoral
dissertation</a> as well as follow-up works on path-sensitive sparse dataflow
analysis (<a href="/public_pdfs/PLDI2018.pdf">PLDI'18</a>, <span class="sp1"
style="display:none"><a href="/public_pdfs/ICSE2020a.pdf">ICSE'20a</a>, <a
href="/public_pdfs/ICSE2020b.pdf">ICSE'20b</a>, <a
href="/public_pdfs/ISSTA20-Trident.pdf">ISSTA'20a</a>,</span> <a
href="/public_pdfs/PLDI21-Fusion.pdf">PLDI'21</a>, <a
href="/public_pdfs/OOPSLA22-FLARE.pdf">OOPSLA'22a</a>, <span class="sp1"
style="display:none"><a href="/public_pdfs/TOSEM23.pdf">TOSEM'23</a>, <a
href="/public_pdfs/ICSE24.pdf">ICSE'24</a>,</span> <a
href="/public_pdfs/PLDI24.pdf">PLDI'24</a>, <a href=""
onclick="show_list('sp1'); return false;">…</a>) and approaches to detecting
specific bug types (<span class="sp2" style="display:none"><a
href="/public_pdfs/ICSE2019.pdf">ICSE'19</a>, <a
href="/public_pdfs/ISSTA20-VeriBuild.pdf">ISSTA'20b</a>, <a
href="/public_pdfs/ISSTA20-CCD.pdf">ISSTA'20c</a>, </span><a
href="/public_pdfs/OOPSLA21.pdf">OOPSLA'21</a>, <a
href="/public_pdfs/OOPSLA22Cres.pdf">OOPSLA'22b</a>, <span class="sp2"
style="display:none"><a href="/public_pdfs/ICSE22.pdf">ICSE'22</a>, <a
href="/public_pdfs/FSE22.pdf">ESEC/FSE'22</a>, <a
href="/public_pdfs/SP2024.pdf">SP'24</a>, <a
href="https://ieeexplore.ieee.org/document/10689456">TSE'25</a>, <a
href="#">ICSE'25</a>,</span> <a href=""
onclick="show_list('sp2'); return false;">…</a>). Two ACM Distinguished Paper
Awards were awarded for these studies.</p>
<p><i>Keywords</i>: path-sensitive and sparse dataflow analysis, memory safety
analysis, taint analysis.</p>
<!--<div class='red_label tag'> path-sensitive and sparse dataflow analysis </div>
<div class='gray_label tag'> memory corruptions </div>
<div class='blue_label tag'> taint issues </div>--></li>
<li style="margin: 0 0 1.5rem 0"><b>Static Analysis for Reverse Engineering</b>
<p>Reverse engineering by static program analysis attempts to understand through
logical reasoning how a previously made software accomplishes a task with very
little insight into exactly how it does so. The research group focuses on
network protocol reverse engineering to ensure network security (<a
href="/public_pdfs/CCS23.pdf">CCS'23</a>, <a
href="/public_pdfs/SEC23.pdf">SEC'23</a>, <a
href="/public_pdfs/OOPSLA2024.pdf">OOPSLA'24</a>), as well as reverse
engineering of machine code for binary analysis (<a
href="/public_pdfs/SP23DARM.pdf">SP'23</a>, <a
href="/public_pdfs/ISSTA23.pdf">ISSTA'23</a>, <a
href="/public_pdfs/FSE23.pdf">ESEC/FSE'23</a>). These techniques are expected to
facilitate automated security analysis, such as bug scanning and fuzz testing.
To date, many zero-day vulnerabilities have been discovered through these
techniques<a style="color:black" href="/Reverse_Engineering.html"> <i
class="fa-solid fa-square-up-right fa-xs"></i></a>, and an ACM SIGPLAN
Distinguished Paper Award was received.</p>
<p><i>Keywords</i>: network security, network protocols, disassembly, binary
similarity.</p>
<!--<div class='light_green_label tag'> disassembly </div>
<div class='dark_blue_label tag'> binary similarity </div>
<div class='green_label tag'> network security </div>
<div class='dark_pink_label tag'> protocols </div>--></li>
<li style="margin: 0 0 1.5rem 0"><b>Static Analysis for Fuzz Testing</b>
<p>Fuzz testing is powerful for revealing security loopholes in software. The
research group is interested in leveraging static program analyses,
particularly, abstract interpretation, to make a general fuzzer more effective
and efficient (<a href="/public_pdfs/SP2020.pdf">SP'20</a>, <a
href="/public_pdfs/SP22.pdf">SP'22</a>, <span class="sp4"
style="display:none"><a
href="https://ieeexplore.ieee.org/abstract/document/10149344">TDSC'23</a>,</span>
<a href="" onclick="show_list('sp4'); return false;">…</a>). The group is also
interested in applying fuzzers to domain-specific application scenarios,
including compilers or interpreters, constraint solvers or theorem provers,
network or distributed systems, to name a few (<span class="sp3"
style="display:none"><a href="/public_pdfs/TSE2016.pdf">TSE'16</a>, <a
href="/public_pdfs/TR2016.pdf">TR'16</a>, <a
href="/public_pdfs/ISSTA20-DeepGini.pdf">ISSTA'20</a>, </span><a
href="/public_pdfs/FSE21.pdf">ESEC/FSE'21</a>, <a
href="/public_pdfs/ISSTA2021.pdf">ISSTA'21</a>, <a
href="https://dl.acm.org/doi/abs/10.1145/3691620.3695530">ASE'24</a>, <a
href="/public_pdfs/ISSTA24.pdf">ISSTA'24</a>, <span class="sp3"
style="display:none"><a
href="https://dl.acm.org/doi/pdf/10.1145/3647994">TOSEM'24</a>, </span><a
href="" onclick="show_list('sp3'); return false;">…</a>). By fuzzing, hundreds
of bugs in state-of-the-art constraint solvers<a
style="color:black;margin-right:5px" href="https://smtfuzz.github.io/"> <i
class="fa-solid fa-square-up-right fa-xs"></i></a>and open-source software<a
style="color:black;margin-right:5px"
href="https://outstanding-hydrogen-2d1.notion.site/Trophies-aef45e1245a64528bd8ec111b475e03b">
<i class="fa-solid fa-square-up-right fa-xs"></i></a>have been discovered. The
study received an ACM SIGSOFT Distinguished Paper Award and a Google Research
Paper Reward.</p>
<p><i>Keywords</i>: incremental fuzzing, directed fuzzing, testing large and
complex systems.</p>
</li>
</ul>
<!-- by Texy2! --> </div>
</div></div>
<div id="footer-container">
<div id="footer">
Copyright 2024 Qingkai Shi. Last modified: 2024.11. <br>
<div id="edit">
<a href="./?edit=Introduction">Edit page</a> |
<a href="./cv.php" target="_blank">Edit resume</a> |
<a href="./fileupload.php" target="_blank">Upload files</a> |
<a href="./?edit=">Create new page</a> <br>
</div>
<br>
<a href='https://clustrmaps.com/site/1a3c7' title='Visit tracker' id='tracker-link'>
<img src='images/map_v2.png' id='tracker-img'/>
</a>
<div class="vl"></div>
<img src='images/QR.jpg' height=90px id='weixin-img'/>
</div>
<style onload="complete_load()"></style>
</div>
</body>
</html>