
Dongrui Email: [email protected] Phone: +1 484 666 8809

Dongrui Zeng

Email: [email protected]
Home page: http://www.personal.psu.edu/dxz16

Education

• PhD Candidate in Computer Science (GPA: 4.0/4.0), advised by Prof. Tan, Gang
  - Thesis: Evaluating the Attack Surface of Control Flow Integrity
  - Pennsylvania State University, University Park, PA; 1/2016-12/2021
  - Lehigh University, Bethlehem, PA; 8/2014-12/2015
• B.S. in Computational Mathematics (GPA: 84/100)
  - Nanjing University, Nanjing, China; awarded in 7/2014

Professional Experience

• Security Research Engineer Intern – Palo Alto Networks, Santa Clara, CA; 5/2021-8/2021
  – Researched assembly-code features by reverse engineering for classifying PE executables
  – Designed a combined DBSCAN and hash-matching clustering method
  – Implemented voting-based malware detection with the optimal precision/F1 at 99.0%/86.7%

Research Experience

• Binary-level reverse engineering
  – From Debugging-Information Based Binary-level Type Inference to CFG Generation (CODASPY’18)
    ∗ Proposed a data-flow based type inference static analysis for X86 assembly code
    ∗ Wrote a disassembler utilizing GCC/LLVM’s debugging information and other metadata
    ∗ Achieved 99.7% accuracy in assigning type information to binary-level indirect branches
  – Refining Indirect Call Targets at the Binary Level (NDSS’21)
    ∗ Proposed a novel memory model to make Value-Set-Analysis scalable for CFG construction
    ∗ Implemented a Control Flow Integrity defense with Intel’s Pin and mentored a junior PhD
    ∗ Achieved state-of-the-art binary-level CFG generation in pursuit of soundness
• Security and Privacy
  – Program-mandering: Quantitative Privilege Separation (CCS’19)
    ∗ Used Remote Procedure Call (RPC) for inter-process communication in process-based isolation
    ∗ Resulted in an interactive tool for efficiently finding the most satisfactory partitioning boundary
    ∗ Modeled a multi-goal graph partitioning problem in Integer Programming and led the experiment
  – Attack-surface evaluation of Control-Flow Integrity policies (TrustCom’21)
    ∗ Proposed a memory-corruption aware dependency tracking static analysis for evaluating attack surface
    ∗ Invented a more accurate metric for the size of the attack surface than traditional ones
    ∗ Follow-up: value tracking analysis assisted automatic exploitation generation (thesis work)
  – Outcomes of more security research collaborations
    ∗ Security evaluation of cryptographic misuses in Android apps (in submission)
    ∗ Information flow tracking in the presence of Android native code (major revision for TDSC)
    ∗ Resilient remote control flow attestation (ACSAC’21)


• Machine learning
  – Inferring alias and buffer-bounds information through deep learning (in submission)
    ∗ Transformed program analysis into a link prediction problem and solved it with a Graph Neural Network
    ∗ Mentored 2 other junior PhD candidates in paper preparation and contributed most of the writing
    ∗ Achieved 85.3% accuracy on our test set and 96.6% accuracy on average for 3 real-world benchmarks
  – Applied machine learning to additive manufacturing (in submission)
    ∗ ML-based prediction of the energy cost based on the material properties and manufacturing parameters
    ∗ Thorough experiments with 6 models, e.g., Neural Network and XGBoost, with Scikit-Learn
    ∗ XGBoost yielded the best regression model with only around 5% of Mean Squared Error (MSE)

Honors and Awards

• Outstanding Paper Award, From Debugging-Information Based Binary-Level Type Inference to CFG Generation, 8th ACM Conference on Data and Application Security and Privacy (CODASPY), 2018.
• China Undergraduate Mathematical Contest in Modeling, Third Prize in Jiangsu Province, 2012
• The People’s Scholarship, Nanjing University, 2011
• The Best Freshmen Scholarship, Nanjing University, 2010

Publications in Computer Science

• , Y.; , X.; , C.; Zeng, D.; Tan, G.; Kan X.; and S. (2021). ReCFA: Resilient Control-Flow Attestation. To appear in The 2021 Annual Computer Security Applications Conference (ACSAC).
• Zeng, D.; Niu, B.; and Tan, G. (2021). MazeRunner: Evaluating the Attack Surface of Control-Flow Integrity Policies. To appear in 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom).
• Kim, S. H.; Sun, C.; Zeng, D.; and Tan, G. (2021). Refining Indirect Call Targets at the Binary Level. In The Network and Distributed System Security Symposium (NDSS).
• (Liu, S. and Zeng, D.); , Y.; Capobianco, F.; McCamant, S.; Jaeger, T.; and Tan, G. (2019). Program-mandering: Quantitative Privilege Separation. In 26th ACM Conference on Computer and Communications Security (CCS). Co-first author and conference presentation.
• Zeng, D. and Tan, G. (2018). From debugging-information based binary-level type inference to CFG generation. In 8th ACM Conference on Data and Application Security and Privacy (CODASPY). Outstanding paper award and conference presentation.

Presentations

• Program-mandering: Quantitative Privilege Separation. In 26th ACM Conference on Computer and Communications Security (CCS), London, UK, Nov. 2019.
• From debugging-information based binary-level type inference to CFG generation. In 8th ACM Conference on Data and Application Security and Privacy (CODASPY), Tempe, Mar. 2018.

Teaching

• Teaching Assistant of CSE 262, Programming , Fall 15

Services

• Member of conference program committees.
  – SECURWARE 2020, the Fourteenth International Conference on Emerging Security Information, Systems and Technologies.
  – SECURWARE 2021, the Fifteenth International Conference on Emerging Security Information, Systems and Technologies.
• External reviewer.


  – IEEE Transactions on Computers, 2021
