Ph.D. candidate at University of California, Riverside, wildly interested in system security and kernel exploitation.
Bio
Xiaochen/笑尘 is a Ph.D. candidate at University of California, Riverside, advised by Professor Zhiyun Qian. Xiaochen earned his bachelor's degree from University of Electronic Science and Technology of China.
He was a CTF player of CNSS, focusing on reverse engineering and pwn. During his Ph.D., Xiaochen mainly works on system security, including bug discovery, program analysis, and kernel exploitation.
Xiaochen’s research is primarily concentrated on Linux kernel fuzzing and program analysis, and he has a broad interest in AI-driven security and Android access control. Based on the program analysis techniques of symbolic execution and static taint analysis, Xiaochen has developed security tools that discovered multiple Linux kernel vulnerabilities. He also has a track record of successfully developing multiple Linux kernel exploits in the past, leading to local privilege escalation on the latest Ubuntu kernel.
Access Xiaochen’s CV.
Pubs
SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem
Xiaochen Zou, Yu Hao, Zheng Zhang, Juefei Pu, Weiteng Chen, Zhiyun Qian
The Network and Distributed System Security Symposium (NDSS) 2024 [paper] [code]
K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel
Zhengchuan Liang, Xiaochen Zou, Chengyu Song, Zhiyun Qian
The Network and Distributed System Security Symposium (NDSS) 2024 [paper] [code]
SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing
Weiteng Chen, Yu Hao, Zheng Zhang, Xiaochen Zou, Dhilung Kirat, Shachee Mishra, Douglas Schales, Jiyong Jang, Zhiyun Qian
IEEE Security and Privacy (Oakland) 2024 (to appear) [paper]
SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers
Yu Hao, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, and Ardalan Amiri Sani
IEEE Security and Privacy (Oakland) 2023 [paper] [code]
SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, Zhiyun Qian
USENIX Security 2022 [paper] [code]
Eluding ML-based Adblockers With Actionable Adversarial Examples
Shitong Zhu, Zhongjie Wang, Xun Chen, Shasha Li, Keyu Man, Umar Iqbal, Zhiyun Qian, Kevin S. Chan, Srikanth V. Krishnamurthy, Zubair Shafiq, Yu Hao, Guoren Li, Zheng Zhang, Xiaochen Zou
ACSAC 2021 [paper]
Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels
Hang Zhang, Weiteng Chen, Yu Hao, Guoren Li, Yizhuo Zhai, Xiaochen Zou, and Zhiyun Qian
ACM CCS 2021 [paper]
KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
Weiteng Chen, Xiaochen Zou, Guoren Li, Zhiyun Qian
Credits
CVE-2021-33034
CVE-2021-33033
CVE-2020-36386
CVE-2019-25044
CVE-2020-36385
CVE-2018-25015
CVE-2020-36387
CVE-2019-25045
News
Pub: Our paper “SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem” was accepted by NDSS 2024
NDSS 2024
November, 2024
Pub: Our paper “K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploit against Linux Kernel” was accepted by NDSS 2024
NDSS 2024
November, 2024
Pub: Our paper “INFUZE: Dependency Inference for Augmenting Kernel Driver Fuzzing” was accepted by S&P 2024
S&P (Oakland) 2024
October, 2024
Reward: Received Google Research Scholar Program Reward for my research paper “SyzScope”
Google Research Scholar Program Reward
April, 2023
Talk: SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs
USENIX Security 2022
August, 2022 [slides]
Post: Published a Linux 0-day exploit and the full walkthrough write-up
CVE-2022-27666
March, 2022 [tweet] [post] [code]
Contest: Exploiting the LAN interface of the NETGEAR R6700v3 router
Pwn2Own 2021 Austin
Talk: Scrutinizing bugs found by syzbot
Linux Security Summit North America 2021
Milestone: Passed Ph.D. candidate qualifying exam
University of California, Riverside
Jun, 2021
Sub-reviewer: USENIX Security
USENIX Security ’21 Winter
Feb, 2021
Sub-reviewer: IEEE S&P
IEEE S&P ’21 Fall
Oct, 2020
Sub-reviewer: NDSS
NDSS ’21 Fall, NDSS ’20 Summer, NDSS ’20 Fall
Contest: Won 3rd prize in the National Cyber Security Competition of college students
National Cyber Security Competition of college students
2018
Contest: Won 7th prize in 0ctf
Tencent
2017
Contest: Won 1st in Anheng National Security Competition in west-south district
DBAPPSecurity
2017, 2016
Contest: Won 5th in DDCTF
DiDi
2016
Contest: Won 1st prize in National Olympiad in Informatics of Provinces (NOIP)
National Olympiad in Informatics of Provinces
2013