Publications

Conference Papers


A Survey of Hardware Improvements to Secure Program Execution

Published in: ACM Computing Surveys (CSUR), 2024

A survey of hardware-implemented security features and how they protect program execution.

Lianying Zhao, He Shuang, Shengjie Xu, Wei Huang, Rongzhen Cui, Pushkar Bettadpur and David Lie. "A Survey of Hardware Improvements to Secure Program Execution". In ACM Computing Surveys (CSUR), Association for Computing Machinery, New York, NY, USA, 2024.

PrepPipe: Prototyping Compiler for Attainable Visual Novel Development

Published in: IEEE Conference on Games (CoG), 2024

Positioning paper for the PrepPipe project, a fast prototyping tool for visual novel games.

Shengjie Xu. "PrepPipe: Prototyping Compiler for Attainable Visual Novel Development". In Proceedings of 2024 IEEE Conference on Games (IEEE CoG 2024), August 2024.

MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking

Published in: International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2023

MIFP adds uncompressed, accurate bounds to compressed capabilities in the CHERI architecture to guarantee accurate bounds checking.

Shengjie Xu, Eric Liu, Wei Huang, and David Lie. "MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking". In Proceedings of The 26th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2023), October 2023.

FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers

Published in: IEEE/ACM International Conference on Automated Software Engineering (ASE), 2023

To improve bug detection in compilers (e.g., LLVM), Flux mutates and combines existing test cases from the LLVM repo to create new tests. Flux found 28 new bugs after 1 month of fuzzing.

Eric Liu, Shengjie Xu, and David Lie. "FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers". In Proceedings of The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023), September 2023.

Aion Attacks: Exposing Software Timer in Trusted Execution Environment

Published in: Conference on Detection of Intrusion and Malware and Vulnerability Assessment (DIMVA), 2021

The Aion attack manipulates software timers in a TEE (used by defenses against cache probing or interrupts) through cache evictions or CPU thermal management. This work shows that TEE defenses should not rely on the accuracy of software timers.

Wei Huang, Shengjie Xu, Yueqiang Cheng, and David Lie. "Aion Attacks: Exposing Software Timer in Trusted Execution Environment". In Proceedings of The 18th Conference on Detection of Intrusion and Malware and Vulnerability Assessment (DIMVA 2021), July 2021. (Best Paper Award)

In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection

Published in: ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2021

In-Fat Pointer (IFP) provides spatial memory safety protection through hardware-software co-design. It extends RISC-V with tagged pointers in memory and fat pointers in registers. The hardware fetches metadata according to the pointer tag and extends the regular-sized pointer to a fat pointer. To achieve fine-grained spatial protection, IFP proposes multiple pointer metadata schemes, each specialized for a specific kind of object.

Shengjie Xu, Wei Huang, and David Lie. 2021. "In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection". In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021), April 2021.