Chijin Zhou Master student School of Software, Tsinghua University Email: zcj18 at mails.tsinghua.edu.cn [C.V.] [Google Scholar] [Github]

About me

My name is Chijin Zhou (周炽金). I am currently a third-year master student in the Software System Security Assurance Group at Tsinghua University, supervised by Prof. Yu Jiang. Before that, I received my B.Eng. in Software Engineering from Beijing Institute of Technology in 2018.

My research interests span system security and software engineering, especially fuzzing and program analysis.

Pronunciation of my name: Chijin ['tʃɪ'dʒɪn].

Publications

• Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing.
  Mingzhe Wang, Zhiyong Wu, Xinyi Xu, Jie Liang, Chijin Zhou, Huafeng Zhang and Yu Jiang
  ICSE’21-SEIP: Proceedings of the 43rd International Conference on Software Engineering, Software Engineering in Practice, 2021.

• Industrial Oriented Evaluation of Fuzzing Techniques.
  Mingzhe Wang, Jie Liang, Chijin Zhou, Yuanliang Chen, Zhiyong Wu, Yu Jiang
  ICST’21-Industry: Proceedings of the 14th IEEE International Conference on Software Testing, Validation and Verification, Industry Track, 2021.

• Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling.
  Chijin Zhou, Mingzhe Wang, Jie Liang, Zhe Liu, Yu Jiang
  ASE’20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, 2020.

• VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization.
  Chijin Zhou, Mingzhe Wang, Jie Liang, Zhe Liu, Chengnian Sun, Yu Jiang
  ASE’19-Demo: Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering, Tool Demonstrations, 2019.

• Enfuzz: Ensemble fuzzing with seed synchronization among diverse fuzzers.
  Yuanliang Chen, Yu Jiang, Fuchen Ma, Jie Liang, Mingzhe Wang, Chijin Zhou, Xun Jiao, Zhuo Su
  Sec’19: Proceedings of the 28th USENIX Security Symposium, 2019.

• Pafl: extend fuzzing optimizations of single mode to industrial parallel mode.
  Jie Liang, Yu Jiang, Yuanliang Chen, Mingzhe Wang, Chijin Zhou, Jiaguang Sun
  FSE’18-Industry: Proceedings of the 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Industry Track, 2018.

Work Experience

• Security research intern (2020.6-2020.8)
  Tencent Blade Team, Tencent, Shenzhen, China
  Researched on cloud native security and container security. Discovered two vulnerabilities on Kubernetes (CVE-2020-8560 and CVE-2020-8556), and an out-of-range bug in a standard library of Golang.

Honors and Awards

• 2020, VMware Scholarship, Tsinghua University

• 2019, MITSUBISHI Scholarship, Tsinghua University

• 2018, Outstanding Graduate Award, Beijing Institute of Technology

• 2016, grand prize of ”Century Cup” Technology Competition, Beijing Institute of Technology

Vulnerability Disclosure

Independently discovered 30+ vulnerabilities in several open-source projects including Kubernetes, Golang, PostgresSQL, libjpeg, and 19 of them have CVE IDs. Details are profiled in my security advisories.