Qiushi Wu

Ph.D. student in the Department of Computer Science & Engineering, at the University of Minnesota (Twin Cities)

Email: wu000273 at umn.edu

Office: 5-248 Keller Hall, 200 Union St SE Minneapolis, MN 55455

I am a Ph.D. student in the Computer Science & Engineering Department at the University of Minnesota, advised by professor Kangjie Lu. I received my undergraduate B.A. in the Information Science & Engineering Department of the University of Science and Technology of China in 2018. My primary research interest is applications of program analysis techniques on operating systems such as the Linux kernel.

Google scholar | CV

Research

My research aims to protect widely used systems programs such as operating systems (OS) kernels with billions of users from security and reliability issues. Specifically, my research includes: (1) developing fundamental techniques that enable precise and scalable program analysis and (2) studying and detecting critical security bugs in foundational programs. In the past two years, I have designed and implemented several automated analysis tools, which scale precise symbolic execution to OS kernels with 27 million lines of code and detected hundreds of security bugs in multiple widely used systems such as the Linux kernel and the OpenSSL library; these works have been published at prestigious conferences including IEEE S&P, USENIX Security, NDSS, ESORICS, and etc. My works are impactful. On the one hand, the precise and scalable symbolic execution serves as a foundational technology that could benefit a variety of areas such as software engineering, systems, and compilers. On the other hand, my works are able to find a large number of critical security bugs in widely used programs with billions of users, thus can improve the security of computer systems, protect the integrity of user data and the privacy of users.

Publications

2021

• On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits [PDF] [FAQ] [Withdrawal-Letter] [Case-study disclosure] [Open letter to Linux]
  Qiushi Wu, and Kangjie Lu.

• Understanding and Detecting Disordered Error Handling with Precise Function Pairing [PDF]
  Qiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, and Kangjie Lu.
  To appear in the 30th USENIX Security Symposium (Security’21). Vancouver, Canada, August 2021.

• Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning [PDF]
  Navid Emamdoost, Qiushi Wu, Kangjie Lu, and Stephen McCamant.
  To appear in the 2021 Annual Network and Distributed System Security Symposium (NDSS’21). San Diego, CA, February 2021.

2020

• Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison [PDF, bib, slides,video]
  Qiushi Wu, Yang He, Stephen McCamant, and Kangjie Lu.
  In Proceedings of the 2020 Annual Network and Distributed System Security Symposium (NDSS’20). San Diego, CA, February 2020.

2019

• Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences [PDF, bib, slides, video, git]
  Kangjie Lu, Aditya Pakki, and Qiushi Wu. In Proceedings of the 28th USENIX Security Symposium (Security’19). Santa Clara, CA, August 2019.

• Automatically Identifying Security Checks for Detecting Kernel Semantic Bugs [PDF, bib, git]
  Kangjie Lu, Aditya Pakki, and Qiushi Wu.
  In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS’19). Luxembourg, September 2019.

Teaching

• Fall 2018: CSCI 2021 Machine Architecture and Organization

This site is open source. Improve this page.