軟體安全實驗室

SOftware SECURITY LAbORATORY

DEpT. Management Information Systems

College of Commerce, National Chengchi University

 
 

The Software Security Laboratory (SoSLab, pronounced so-slab) at NCCU is the research group under the supervision of Prof. Fang Yu with tech-oriented mis graduate students and under graduate students.  General research interests of SoSLab span the areas of security, verification, and program analysis techniques with the aim of improving the correctness and reliability of software. Our goal is to investigate formal techniques and develop practical tools for system developers and public users who made SOS (Secure Our Software) calls. Our current research addresses Web/Cloud/App/Smart Contract security and vulnerabilities.




 

Fang Yu: Welcome to SoSLab@NCCU

Be alert to the surroundings.

You might be shocked when you explore the risk of software applications.


News

TACAS 2019

Conference Deadline:

TACAS 2019 Nov. 7

soslab

[Publication] The paper: Malware Family Characterization with Recurrent Neural Network and GHSOM using System Calls has been accepted by CloudCom 2018.  Congrats to Chi-Feng Liu. Joint work with Prof. Shun-Wen Hsiao. (short paper)
[Award] Prof. Fang Yu received the 106 outstanding teaching award of Dept. of MIS, National Chengchi University, 2018.
[Services] Dr. Fang Yu serves the program committee of LATA 2019. Please consider to submit your articles.
[Publication] The paper: Parameterized Model Counting for String and Numeric Constraints has been accepted as a regular paper by ESEC/FSE 2018, Lake Buena Vista, Florida, United States. Joint work with Prof. Tevfik Bultan, Dr. Abdulbaki Aydin, Dr. Lucas Bang, William Eiers, Tegan Brennan, Miroslav Gavrilov.
[Publication] The paper: A Symbolic model Checking Approach to the Analysis of String and Length Constraints  has been published in ASE 2018. Montpellier, France. Joint work with Prof. Jie-Hong Jiang and Dr. Hung-En Wang.
[Publication] The paper: Tracking Supply Chain Process Variability with Unsupervised Cluster Traversal has been published in DataCom 2018. Congrats to TengYung Lin. Joint work with Prof. Hao-Chun Howard Chuang.
[Publication] The paper: Quantitative Quality Estimation of Cloud-based Streaming Services has been published in Computer Communications. (SCI, IF:3.338). [Elsevier]. Joint work with Prof. Yat-Wah Wan Prof. Rua-Huan Tsaih.
[Publication] The paper: Biparti Majority Learning with Tensors has been published in IEEE BigData Congress 2018. Congrats to ChiaRun Lee. Joint work with Prof. Shun-Wen Hsiao. (work in progress track)
[Services] Dr. Fang Yu serves the program committee of ICTSS 2018 and TCSE 2018. Please consider to submit your articles.
[Book] The book: String Analysis for Software Verification and Security can be ordered online. [Springer] [Amazon]
[Publication] The paper: Static API Call Vulnerabilities in iOS applications has been published in ICSE 2018, Gothenburg, Sweden. Congrats to Chun-Han Lin. Joint work with Prof. Jie-Hong Jiang and Prof. Tevfik Bultan. (poster)
[Award] Prof. Fang Yu received the 105 outstanding teaching award of College of Commerce, National Chengchi University, 2017.
[Publication] The paper: A Parallel Majority Learning Algorithm for Anomaly Detection has been published in IEEE DataCom 2017, Orlando, US. Congrats to Ya-Yun Peng. Joint work with Dr. Shin-Yin Huang. (poster)
[Services] Dr. Fang Yu serves the program committee of IFIP ICTSS 2017. Please consider to submit your articles.
[Services] Dr. Fang Yu (with Dr. Ming-Hsien Tsai) organizes the summer school FLOLAC 2017.
[Publication] The paper: An Effective Distributed GHSOM Algorithm for Unsupervised Clustering on Big Data has been published in IEEE BigData Congress 2017, Honolulu, US. Congrats to Chui-Hui Chiu and Jin-Jie Chen.
[Publication] The paper: Content-Sensitive Data Compression for IoT Streaming Services has been published in IEEE ICIOT 2017, Honolulu, US. Congrats to Chun-Chi Hsu and Yuan-Ting Fang. (short paper)
[Publication] The paper: Adaptive Social Network Services: The Practice of 9EMBA.com  has been published in IEEE EDGE 2017, Honolulu, US. Congrats to Chiou-Yi Cheng. Joint work with Yao-Huang Lin. (short paper)
[Visiting Scholar] Dr. Fang Yu serves the associate research scientist for the visit of Prof. Tevfik Bultan and VLab, University of California Santa Barbara in  July-Dec. 2016. 
[Services] Dr. Fang Yu serves the program committee of NETYS 2017. Please consider to submit your articles.
[Award] Chun-Tai Lin is awarded the MOST undergraduate student research grant, 2016-2017.
[Publication] The paper: Optimal Sanitization Synthesis for Web Application Vulnerability Repair has been published in ACM ISSTA 2016, Germany. Congrats to Ching-Yuan Shueh and Chun-Han Lin. Joint work with Dr. Yu-Fang Chen, Dr. Bow-Yaw Wang and Prof. Tevfik Bultan. 
[Publication] The paper: String Analysis via Automata Manipulation with Logic Circuit Representation has been published in CAV 2016, Toronto, CA. Congrats to Chun-Han Lin. Joint work with Hung-En Wang, Tzung-Lin Tsai, and Prof. Jie-Hong Jiang.
[Publication] The paper: Simulating Time-Varying Demand Services with Queuing Models has been published in IEEE SCC 2016, San Francisco, US. Congrats to Hsuan-Kai Chu. Joint work with Dr. Wan-Ping Chen. (application track)
[Publication] The paper: Gnafuy: a framework for ubiquitous computation has been published in IEEE Cloud 2016, San Francisco, US. Congrats to Jin-Jie Chen. (short paper)
[Publication] The paper: AppReco: Bahvior-aware Recommendation for iOS Mobile Applications has been published in IEEE ICWS 2016, San Francisco, US. Congrats to Zhi-Ruey Fang and Shu-Wei Huang. (application track)
[Publication] The book: Managing Innovation and Cultural Management in the Digital Era: The Case of the National Palace Museum edited by Prof. R. H. Tsaih and Prof. T.S. Han has been published. Dr. Fang Yu contributed the chapter: Investigating Security Mechanisms for ICT-enabled Services of the National Palace Museum. 2016. [Routledge Book].
[Services] Dr. Fang Yu serves the program committee of IEEE SCC 2016. Please consider to submit your articles.
[Presentation] Chun-Han Lin and Shu-Wei Huang present “SpaceConnection” and “AppReco” in WAVAS 2015.
[Publication] The paper: VISO: Characterizing Malicious Behaviors of Virtual Machines With Unsupervised Clustering has been accepted as a regular paper by IEEE CloudCom 2015, Vancouver, 2015. Congrats to Yen-Han Li. Joint work with Dr.Yue-Ruey Tzeng. 
[Industry Collaboration] Soslab initiates the intelligent green energy project with Wieson Tech. [lightfarm, news].
[Publication] The paper: Network-Traffic Anomaly Detection with Incremental Majority Learning has been accepted by IJCNN, Ireland, 2015. Joint work with Dr. Shinying Huang, Prof. Ruahuan Tsaih, and Prof. Yennun Huang.
[Publication] The paper: Space Connection: A New 3D Tele-Immersion Platform for Web-based Gesture-collaborative Games and Services has been accepted by ACM GAS@ICSE, Florence, Italy 2015.
[Services] Dr. Fang Yu serves the program committee of IEEE SCC 2015 and CloudCom 2015. Please consider to submit your articles.
[Award] Congrats to John Lin, Fifi Sun, Erine Ho and Spencer Lin to win the 2nd place of 2015 Microsoft Imagine Cup in the Taiwan Final Competition. The team also won the Merit award of the International student projects in Asia Pacific ICT Award (APICTA 2014), Jakarta, Indonesia, the Best Innovation Award in InnoServe Contest 2014, Taiwan, and was the first-prize winner of the MIS project competition, NCCU. 
[Tutorial talk] Prof. Tevfik Bultan and Dr. Fang Yu gave a tutorial talk on String analysis in the 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2014), Hong Kong, Nov. 2014
[Services] Dr. Fang Yu serves the program committee of IEEE CloudCom 2014. Please consider to submit your articles.
[Award] Yi-Ann Lin receives the 2013 MOST innovative research award. Pei-Yu Sun is awarded the MOST undergraduate student research grant, 2014-2015.
[Presentation] Dr. Fang Yu gave an invited talk on Detecting and Patching Web Application Vulnerabilities in 2014 Big Data Workshop (BigData2014), Hong Kong, April, 2014.
[Publication] The paper: Resistant Learning on the Envelope Bulk for Identifying Anomalous Patterns has been accepted by IJCNN, Beijin, 2014. Joint work with Dr. Shinying Huang, Prof. Ruahuan Tsaih, and Prof. Yennun Huang.
[Best Paper Award] “Patcher: An Online Service for Detecting, Patching and Viewing Web Application Vulnerabilities.” The best paper award in HICSS 47 (Software Technology).
[Journal Publication] The paper: Topological Pattern Discovery and Feature Extraction for Fraudulent Financial Reporting has been accepted for publication in Expert Systems with Applications (SCI). Joint work with Dr. Shin-Ying Huang and Prof. Rua-Huan Tsaih.
[Services] I am serving the program committee of ACM LCTES 2014 and IEEE BigData 2014 (Taipei Satellite Session). Please consider to submit your articles.
[Award] Soslab virtualization introspection system was the winner of cloud security in the 2013 ITRI iSecurity project [digitimes].  
[Publication] The paper: Securing KVM-based Cloud Systems via Virtualization Introspection has been accepted by the HICSS 47. Hawaii, U.S. 2014. Congrats to Sheng-Wei Lee.
[Journal Publication] The paper: Automata-based Symbolic String Analysis for Vulnerability Detection has been published in Formal Methods in System Design (SCI).  Joint work with Dr. Muath Alkahalaf and Prof. Tevfik Bultan.
[Presentation] Dr. Fang Yu gave an invited talk on Detecting and Patching Web Application Vulnerabilities in the International Conference on Arts, Culture, New Media, and Entertainment (EITA New Media), Taipei, Nov. 2013.
[Award] Wei-Shao Tang and Yi-Ann Lin are awarded the NSC undergraduate student research grant, 2013-2014.
[Publication] The paper: A Control Policy for $gamma$-Nets without Reachability Analysis and Siphon Enumeration has been accepted by the 9th IEEE International Conference on Automation Science and Engineering (CASE 2013). Wisconsin, U.S.  (joint work with Dr. Wenhui Wu and Prof. Daniel Yuh Chao)
[Publication] The paper: AppBeach: Characterizing App Behaviors via Static Binary Analysis has been accepted by the IEEE 2nd International Conference on Mobile Services (MS 2013). Santa Clara, U.S. 
[Publication] The paper: Clustering iOS Executable Using Self-Organization Maps has been accepted by the 2013 International joint Conference on Neural Networks (IJCNN 2013). Dallas, U.S. (joint work with Hsin-Yin Huang and Prof. Rua-Huan Tsaih)
[Publication] The paper: Quantitative Analysis of Cloud-based Streaming Services has been accepted by the IEEE 10th International Conference on Services Computing (IEEE SCC 2013). Santa Clara, U.S. (joint work with Prof. Yat-Wah Wan and Prof. Rua-Huan Tsaih)
[Journal Publication] The paper: A Control Policy for a Subclass of Petri Nets without Reachability Analysis has been accepted to be published in the IET Control Theory and Applications (SCI). (joint work with Gaiyun Liu and Prof. Daniel Yuh Chao)
[Competition] Tim Chen, Kai-Chung Hsiao, Hsun-Yao Chen, Yuan-Jie Lee, Hao-Wen Sheng won the first prize of the MIS project competition, NCCU, Dec. 2012. [news] [ctitv][app]
[Publication] The paper: Innovation on Localized Information Exchange: the Services and their Implementation has been accepted by the 2012 International Conference on Innovation Studies (IS 2012), Taipei, Twain. 
[Publication] The paper: The Dual Approach for Decision Making has been accepted by DSI 2012, San Francisco. (joint work with Hsin-Yin Huang and Prof. Rua-Huan Tsaih)
[Summer Intern] Steven Tai@TSMC, Sheng-Wei Lee@IBM, Yuan-Jie Li@KPMG (awarded the NSC student project)
[Presentation] Dr. Fang Yu gave an invited talk on Patching Vulnerabilities with Sanitization Synthesis at the Institute of Software, Chinese Academy of Sciences, Beijing, June, 2012.  
[Publication] The paper: Symbolic Consistency Checking of OpenMP Parallel Programs has been accepted by ACM LCTES 2012. (joint work with Prof. Farn Wang and Shun-Chin Yang)
[Presentation] Steven Tai and Yi-Yang Tung present “AppBeach” and “Patcher” in WAVAS 2012.
[Publication] The paper: Enumeration of Reachable and Other States of Simple Version of Systems of Simple Sequential Processes with Resources  (S3PR) has been accepted by IEEE ISIE 2012. (joint work with Prof. Daniel Y. Chao, and Hung-Yi Chen)
[Journal Publication] The paper: A Novel Liveness Condition for S3PGR2 has been published by SAGE TIM. (joint work with Prof. Daniel Y. Chao and Jiun-Ting Chen)
[Journal Publication] The full-version paper: Relational String Verification Using Multi-track Automata has been published in IJFCS.
[Publication] EPTCS 73: Proceedings of the 13th International Worksop on Verification of Infinite State Systems, Taipei, Taiwan, Oct. 2011 (co-chaired with Prof. Chao Wang)
[Publication] The paper: Number of Reachable States for Simple Classes of Petri Nets has been accepted by IEEE IECON 2011. (joint work with Prof. Daniel Y. Chao)
[Publication] The paper: A Temporal Logic for the Interaction of Strategies has been accepted by CONCUR 2011. (joint work with Prof. Farn Wang and Chung-Hao Huang)
[Publication] The paper: String Abstractions for String Verification has been accepted by SPIN 2011. 
[Lecture] Formosan Summer School on Logic, Language, and Computation (FLOLAC 2011). [Slides]
[Publication] The paper: Patching Vulnerabilities with Sanitization Synthesis has been accepted by ICSE 2011.
[Award] Dr. Yu’s Dissertation has been nominated to 2010 ACM Doctoral Dissertation Award by UCSB. [Dissertation][Slides][UCSB news]
[Tool] The string analysis tool: StrAnGer can be downloaded from here (by vlab@ucsb).https://cyprusconferences.org/cloudcom2018/http://lata2019.irdta.eu/https://conf.researchr.org/home/fse-2018http://www.ase2018.com/http://www.ase2018.com/http://cyber-science.org/2018/datacom/http://cyber-science.org/2018/datacom/https://www.sciencedirect.com/science/article/pii/S0140366417310988http://conferences.computer.org/bigdatacongress/2018/https://ictss2018.uca.es/ictss/https://tcse2018.seat.org.tw/http://www.springer.com/gp/book/9783319686684https://www.amazon.com/String-Analysis-Software-Verification-Security/dp/3319686682https://www.icse2018.org/https://grid.chu.edu.tw/datacom2017/https://www.ictss2017.org/https://www.ictss2017.org/https://www.facebook.com/flolac.tw/http://www.ieeebigdata.org/2017/http://www.ieeebigdata.org/2017/http://iciot.org/2017/http://www.theedgecomputing.org/2017/http://netys.net/http://netys.net/https://issta2016.cispa.saarland/program/https://issta2016.cispa.saarland/program/http://i-cav.org/2016/http://thescc.org/2016/http://www.thecloudcomputing.org/2016/http://icws.org/2016/https://books.google.com.tw/books?hl=en&lr=&id=zD9-CwAAQBAJ&oi=fnd&pg=PA200&dq=info:Vbdb-4WAUcIJ:scholar.google.com&ots=0CztGV4ZqL&sig=qIp32prwREja51n2Tb7_1uBQZ2g&redir_esc=y#v=onepage&q&f=falsehttp://thescc.org/2016/http://thescc.org/2016/http://cc.ee.ntu.edu.tw/~wavas/WAVAS07.151020/http://2015.cloudcom.orghttp://www.wieson.com/go/en/wieson/http://www.lightfarm.wieson.comhttp://140.119.168.11/zh_tw/news/%E5%AD%B8%E8%A1%93%E7%A0%94%E7%A9%B6%E5%95%86%E5%93%81%E5%8C%96-%E8%B3%87%E7%AE%A1%E5%B0%88%E9%A1%8C%E4%BD%9C%E5%93%81%E6%8E%88%E6%AC%8A%E7%94%A2%E6%A5%AD-4606182http://conferences.computer.org/scc/2015/http://conferences.computer.org/scc/2015/http://2015.cloudcom.orghttp://apicta.net/aspiluki/http://fse22.gatech.edu/tutorials#stringshttp://fse22.gatech.eduhttp://2014.cloudcom.orghttp://www.cintec.cuhk.edu.hk/2014BDWorkshop/index.htmlhttp://www.hicss.hawaii.edu/hicss_47/apahome47.htmhttp://www.ittc.ku.edu/lctes14/http://www.ieeebigdata.org/2014/satellite/taipei/index.htmlhttp://www.digitimes.com.tw/tw/dt/n/shwnws.asp?CnlID=13&cat=10&id=0000356308_9JB4NBAILTR9ZI9EB4JG4&ct=1http://www.eitc.org/conferences/eita-new-media-2013http://www.eitc.org/conferences/eita-new-media-2013http://www.case2013.org/http://www.themobileservices.org/2013/http://www.ijcnn2013.orghttp://conferences.computer.org/scc/2013/http://www.nccu.edu.tw/news/detail.php?news_id=4901http://www.ctitv.com.tw/news_video_c18v89805.htmlhttp://itunes.apple.com/tw/app/ai-ni-na-bian-tian-qi-ru-he/id539197991?mt=8http://conference.nccu.edu.tw/actnews/index.php?Sn=40http://www.decisionsciences.org/Annualmeeting/default.asphttp://lctes12.cs.purdue.edu/http://www2.ee.ntu.edu.tw/~wavas/http://www.isie2012.com/http://tim.sagepub.com/content/early/2012/02/06/0142331211432951.abstracthttp://www.worldscinet.com/ijfcs/22/2208/S0129054111009112.htmlhttp://eptcs.org/content.cgi?INFINITY2011http://www.iecon2011.org/http://concur2011.rwth-aachen.de/http://research.microsoft.com/en-us/um/redmond/events/spin2011/http://flolac.iis.sinica.edu.tw/flolac11/zh-tw/start.htmlhttp://www3.nccu.edu.tw/~yuf/slides/string.pdfhttp://2011.icse-conferences.org/http://www3.nccu.edu.tw/~yuf/dissertation.pdfhttp://www3.nccu.edu.tw/~yuf/defense.pdfhttp://www.cs.ucsb.edu/common/wordpress/?p=813http://www.cs.ucsb.edu/common/wordpress/?p=813http://www.cs.ucsb.edu/~vlab/strangerhttp://http://fse22.gatech.edu/tutorials#stringsshapeimage_8_link_0shapeimage_8_link_1shapeimage_8_link_2shapeimage_8_link_3shapeimage_8_link_4shapeimage_8_link_5shapeimage_8_link_6shapeimage_8_link_7shapeimage_8_link_8shapeimage_8_link_9shapeimage_8_link_10shapeimage_8_link_11shapeimage_8_link_12shapeimage_8_link_13shapeimage_8_link_14shapeimage_8_link_15shapeimage_8_link_16shapeimage_8_link_17shapeimage_8_link_18shapeimage_8_link_19shapeimage_8_link_20shapeimage_8_link_21shapeimage_8_link_22shapeimage_8_link_23shapeimage_8_link_24shapeimage_8_link_25shapeimage_8_link_26shapeimage_8_link_27shapeimage_8_link_28shapeimage_8_link_29shapeimage_8_link_30shapeimage_8_link_31shapeimage_8_link_32shapeimage_8_link_33shapeimage_8_link_34shapeimage_8_link_35shapeimage_8_link_36shapeimage_8_link_37shapeimage_8_link_38shapeimage_8_link_39shapeimage_8_link_40shapeimage_8_link_41shapeimage_8_link_42shapeimage_8_link_43shapeimage_8_link_44shapeimage_8_link_45shapeimage_8_link_46shapeimage_8_link_47shapeimage_8_link_48shapeimage_8_link_49shapeimage_8_link_50shapeimage_8_link_51shapeimage_8_link_52shapeimage_8_link_53shapeimage_8_link_54shapeimage_8_link_55shapeimage_8_link_56shapeimage_8_link_57shapeimage_8_link_58shapeimage_8_link_59shapeimage_8_link_60shapeimage_8_link_61shapeimage_8_link_62shapeimage_8_link_63shapeimage_8_link_64shapeimage_8_link_65shapeimage_8_link_66shapeimage_8_link_67shapeimage_8_link_68shapeimage_8_link_69shapeimage_8_link_70shapeimage_8_link_71shapeimage_8_link_72shapeimage_8_link_73shapeimage_8_link_74shapeimage_8_link_75shapeimage_8_link_76shapeimage_8_link_77