Chijin Zhou (周炽金) PhD student School of Software, Tsinghua University Email: tlock.chijin at gmail dot com [Google Scholar] [Github]

About me

I am a PhD student at the Software System Security Assurance Group at Tsinghua University since September 2022, supervised by Prof. Yu Jiang. Before that, I received my bachelor and master degree from Beijing Institute of Technology in 2018 and Tsinghua University in 2021, respectively. My research interests span system security and software engineering, especially fuzzing and program analysis.

Publications

• Automatic Policy Synthesis and Enforcement for Protecting Untrusted Deserialization.
  Quan Zhang, Yiwen Xu, Zijing Yin, Chijin Zhou, and Yu Jiang
  In Proceedings of NDSS’24 (to appear).

• An Empirical Study of Data Disruption by Ransomware Attacks.
  Yiwei Hou, Lihua Guo, Chijin Zhou, Yiwen Xu, Zijing Yin, Shanshan Li, Chengnian Sun, Yu Jiang
  In Proceedings of ICSE’24 (to appear).

• Towards Better Semantics Exploration for Browser Fuzzing.
  Chijin Zhou, Quan Zhang, Lihua Guo, Mingzhe Wang, Yu Jiang, Qing Liao, Zhiyong Wu, Shanshan Li, Bin Gu
  In Proceedings of OOPSLA’23. (doi, slide, source)

• Building Dynamic System Call Sandbox With Partial Order Analysis.
  Quan Zhang, Chijin Zhou, Yiwen Xu, Zijing Yin, Mingzhe Wang, Zhuo Su, Chengnian Sun, Yu Jiang, Jiaguang Sun
  In Proceedings of OOPSLA’23. (doi)

• Limits of I/O Based Ransomware Detection: An Imitation Based Attack.
  Chijin Zhou, Lihua Guo, Yiwei Hou, Zhenya Ma, Quan Zhang, Mingzhe Wang, Zhe Liu, and Yu Jiang
  In Proceedings of S&P’23. (doi, tool)

• DAISY: Effective Fuzz Driver Synthesis with Object Usage Sequence Analysis.
  Mingrui Zhang, Chijin Zhou, Jianzhong Liu, Mingzhe Wang, Jie Liang, Juan Zhu and Yu Jiang
  In Proceedings of ICSE’23-SEIP. (doi)

• Minerva: Browser API Fuzzing with Dynamic Mod-Ref Analysis.
  Chijin Zhou, Quan Zhang, Mingzhe Wang, Lihua Guo, Jie Liang, Zhe Liu, Mathias Payer, Yu Jiang
  In Proceedings of ESEC/FSE’22. (doi, slides, source, Distinguished Paper Award)
  

• Empirical Study of System Resources Abused by IoT Attackers.
  Zijing Yin, Yiwen Xu, Chijin Zhou and Yu Jiang
  In Proceedings of ASE’22. (doi)

• Unicorn: Detect Runtime Errors in Time-Series Databases with Hybrid Input Synthesis.
  Zhiyong Wu, Jie Liang, Mingzhe Wang, Chijin Zhou, Yu Jiang
  In Proceedings of ISSTA’22. (doi)

• Odin: On-Demand Instrumentation with On-the-Fly Recompilation.
  Mingzhe Wang, Jie Liang, Chijin Zhou, Zhiyong Wu, Xinyi Xu, Yu Jiang
  In Proceedings of PLDI’22. (doi)

• PATA: Fuzzing with Path Aware Taint Analysis.
  Jie Liang, Mingzhe Wang, Chijin Zhou, Zhiyong Wu, Yu Jiang, Jianzhong Liu, Zhe Liu, Jiaguang Sun
  In Proceedings of S&P’22. (doi)

• RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing.
  Mingzhe Wang, Jie Liang, Chijin Zhou, Yu Jiang, Rui Wang, Chengnian Sun, Jiaguang Sun
  In Proceedings of USENIX ATC’21. (paper)

• Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing.
  Mingzhe Wang, Zhiyong Wu, Xinyi Xu, Jie Liang, Chijin Zhou, Huafeng Zhang and Yu Jiang
  In Proceedings of ICSE’21-SEIP. (doi)

• Industrial Oriented Evaluation of Fuzzing Techniques.
  Mingzhe Wang, Jie Liang, Chijin Zhou, Yuanliang Chen, Zhiyong Wu, Yu Jiang
  In Proceedings of ICST’21 (industry track). (doi)

• Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling.
  Chijin Zhou, Mingzhe Wang, Jie Liang, Zhe Liu, Yu Jiang
  In Proceedings of ASE’20. (doi)

• VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization.
  Chijin Zhou, Mingzhe Wang, Jie Liang, Zhe Liu, Chengnian Sun, Yu Jiang
  In Proceedings of ASE’19 (demo track). (doi, source)

• Enfuzz: Ensemble fuzzing with seed synchronization among diverse fuzzers.
  Yuanliang Chen, Yu Jiang, Fuchen Ma, Jie Liang, Mingzhe Wang, Chijin Zhou, Xun Jiao, Zhuo Su
  In Proceedings of USENIX Sec’19. (paper)

• Pafl: extend fuzzing optimizations of single mode to industrial parallel mode.
  Jie Liang, Yu Jiang, Yuanliang Chen, Mingzhe Wang, Chijin Zhou, Jiaguang Sun
  In Proceedings of ESEC/FSE’18 (industry track). (doi)

Work Experience

• Compiler research intern (2023.6-2023.8)
  Kuaishou Tech, Hangzhou, China
  Researched on superoptimization.

• Security research intern (2020.6-2020.8)
  Tencent Blade Team, Tencent Tech, Shenzhen, China
  Researched on cloud native security and container security. Discovered two vulnerabilities on Kubernetes (CVE-2020-8560 and CVE-2020-8556; 1200$ awarded), and an out-of-range bug in a standard library of Golang.

Honors and Awards

• 2022, ACM SIGSOFT Distinguished Paper Award, ESEC/FSE’22

• 2021, Distinguished Master's Thesis Award, Tsinghua University

• 2021, Outstanding Graduate Award, Tsinghua University

• 2020, VMware Scholarship, Tsinghua University

• 2019, MITSUBISHI Scholarship, Tsinghua University

• 2018, Outstanding Graduate Award, Beijing Institute of Technology

• 2016, grand prize of ”Century Cup” Technology Competition, Beijing Institute of Technology

Vulnerability Disclosure

Independently discovered 30+ vulnerabilities in several open-source projects including Safari (WebKit), Kubernetes, Golang, PostgresSQL, libjpeg, and 20+ of them have CVE IDs. Details are profiled in my security advisories.