軟體安全實驗室

SOftware SECURITY LAbORATORY

DEpT. Management Information Systems

College of Commerce, National Chengchi University

 
 

The Software Security Laboratory (SoSLab, pronounced so-slab) at NCCU is the research group under the supervision of Prof. Fang Yu with tech-oriented mis graduate students and under graduate students.  General research interests of SoSLab span the areas of security, verification, and program analysis techniques with the aim of improving the correctness and reliability of software. Our goal is to investigate formal techniques and develop practical tools for system developers and public users who made SOS (Secure Our Software) calls. Our current research addresses Web/Cloud/App/Smart Contract security and vulnerabilities.




 

Fang Yu: Welcome to SoSLab@NCCU

News

ETAPS/TACAS 2024

Conference Deadline:

TACAS 2024 Oct. 12

ISSTA 2024 Dec. 15


soslab

Security Report:

  1. -The OWASP Top 10,

  2. - Common Vulnerabilities and Exposure

Soft. Verification Lab:

  1. -Vlab@UCSB,

  2. -Verification@NECLA,

  3. - WebBlaze@UCB,

  4. - SVVRL@NTU

[Best Thesis Award] The master student Cheng-Jun Yang whose thesis: XFlag: Explainable Fake News Detection on Social Media has been awarded the best master thesis of NCCU 2023. Congrats to Cheng-Jun Yang. Co-advised with Prof. Shih-Yi Chien.

[Best Paper Award] The paper: 神經網路的可控制穩健性訓練研究(Controllable Robustness Training) has been awarded the best paper (the mandarin session) in the 19th TCSE 台灣軟體工程研討會( TCSE 2023). Congrats to Yu-Chi Hu.

[Award] I-Ting Hsieh has been awarded the MOST undergraduate student research grant on Generative Story Telling, 2023-2024.

[Publication] The paper: POSTER: On searching information leakage of Python model execution to detect adversarial examples has been accepted to be published as a poster paper in Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security. (AsiaCCS 2023). Congrats to Cheng-Yao Guo.

[Publication] The paper: DeepSHAP Summary for Adversarial Example Detection has been accepted to be published in 2023 IEEE/ACM International Workshop on Deep Learning for Testing and Testing for Deep Learning (DeepTest@ICSE 2023). Congrats toYi-Ching Lin.

[Award] Yu-Hang Chien has been awarded the MOST undergraduate student research grant on Video Learning on Badminton Games, 2022-2023.

[Publication] The paper: XFlag: Explainable Fake News Detection on Social Media has been accepted to be published in International Journal of Human-Computer Interaction (IJHCI ). SCI IF: 3.353. 2022. Congrats to Cheng-Jun Yang. Joint work with Prof. Shih-Yi Chien.

[Publication] The paper: PyCT: A Python Concolic Tester has been accepted by APLAS 2021 (joint conference with SPLASH 2021).  Joint work with Prof. Yu-Fang Chen, Wei-Lun Tsai, Wei-Cheng Wu, Di-De Yen.

[Services] Dr. Fang Yu serves the program committee of ICSE 2022 (posters). Please consider to submit your articles.

[Services] Dr. Fang Yu serves the program committee of APSEC 2021. Please consider to submit your articles.

[Services] Dr. Fang Yu serves the program committee of TCSE 2021. Please consider to submit your articles.

[Services] Dr. Fang Yu serves the associate editor of PACIS 2021(Information Security and Privacy Track). Please consider to submit your articles.

[Teaching Award] Prof. Fang Yu received the college excellent teaching award (English Taught Program), College of Commerce, National Chengchi University, 2020.

[Teaching Award] Prof. Fang Yu received the department teaching award, Dept. of MIS, National Chengchi University, 2020.

[Publication] The paper: Runtime Hook on Block Chain and Smart Contract Systems has been accepted by SBC@AsiaCCS 2020.  Congrats to Wei-Ting Lin. Joint work with Prof. Shun-Wen Hsiao.

[Publication] The paper: Symbolic Gas Vulnerability Detection and Attack Synthesis has been accepted by PACIS 2020.  Congrats to Min-Hao Peng. Joint work with Prof. Jie-Hong Roland Jiang.

[Award] Yen-Tung Lin has been awarded the MOST undergraduate student research grant on Style Transformation on Malicious  and Benign Web Sites, 2020-2021.

[Award] Chen-Yao Kuo has been awarded the MOST undergraduate student research grant on AI Education Platform, 2020-2021.

[Services] Dr. Fang Yu serves the associate editor of PACIS 2020 (Information Security and Privacy Track). Please consider to submit your articles.

[Teaching Award] Prof. Fang Yu received the department teaching award, Dept. of MIS, National Chengchi University, 2019.

[Publication] The paper: HiSeqGAN: Hierarchical Sequence Synthesis and Prediction has been accepted by ICANN 2019.  Congrats to Yun-Chieh Tien and Chen-Min Hsu. (in poster presentation)

[Best Paper Award] The paper: Runtime profiling on function calls of python scripts has been awarded the best paper of TCSE 2019.  (Taiwan Track) Congrats to Yu-Hau Lin. Joint work with Prof. Shun-Wen Hsiao.

[Award] Yung-Wei Peng is awarded the MOST undergraduate student research grant, 2019-2020.

[Teaching Award] Prof. Fang Yu received the 107 ETP course award, College of Commerce, National Chengchi University, 2018.

[Publication] The paper: Malware Family Characterization with Recurrent Neural Network and GHSOM using System Calls has been accepted by CloudCom 2018.  Congrats to Chi-Feng Liu. Joint work with Prof. Shun-Wen Hsiao. (short paper)

[Teaching Award] Prof. Fang Yu received the 106 outstanding teaching award of Dept. of MIS, National Chengchi University, 2018.

[Services] Dr. Fang Yu serves the program committee of LATA 2019. Please consider to submit your articles.

[Publication] The paper: Parameterized Model Counting for String and Numeric Constraints has been accepted as a regular paper by ESEC/FSE 2018, Lake Buena Vista, Florida, United States. Joint work with Prof. Tevfik Bultan, Dr. Abdulbaki Aydin, Dr. Lucas Bang, William Eiers, Tegan Brennan, Miroslav Gavrilov.

[Publication] The paper: A Symbolic model Checking Approach to the Analysis of String and Length Constraints has been published in ASE 2018. Montpellier, France. Joint work with Prof. Jie-Hong Jiang and Dr. Hung-En Wang.

[Publication] The paper: Tracking Supply Chain Process Variability with Unsupervised Cluster Traversal has been published in DataCom 2018. Congrats to TengYung Lin. Joint work with Prof. Hao-Chun Howard Chuang.

[Publication] The paper: Quantitative Quality Estimation of Cloud-based Streaming Services has been published in Computer Communications. (SCI, IF:3.338). [Elsevier]. Joint work with Prof. Yat-Wah Wan Prof. Rua-Huan Tsaih.

[Publication] The paper: Biparti Majority Learning with Tensors has been published in IEEE BigData Congress 2018. Congrats to ChiaRun Lee. Joint work with Prof. Shun-Wen Hsiao. (work in progress track)

[Services] Dr. Fang Yu serves the program committee of ICTSS 2018 and TCSE 2018. Please consider to submit your articles.

[Book] The book: String Analysis for Software Verification and Security can be ordered online. [Springer] [Amazon]

[Publication] The paper: Static API Call Vulnerabilities in iOS applications has been published in ICSE 2018, Gothenburg, Sweden. Congrats to Chun-Han Lin. Joint work with Prof. Jie-Hong Jiang and Prof. Tevfik Bultan. (poster)

[Award] Prof. Fang Yu received the 105 outstanding teaching award of College of Commerce, National Chengchi University, 2017.

[Publication] The paper: A Parallel Majority Learning Algorithm for Anomaly Detection has been published in IEEE DataCom 2017, Orlando, US. Congrats to Ya-Yun Peng. Joint work with Dr. Shin-Yin Huang. (poster)

[Services] Dr. Fang Yu serves the program committee of IFIP ICTSS 2017. Please consider to submit your articles.

[Services] Dr. Fang Yu (with Dr. Ming-Hsien Tsai) organizes the summer school FLOLAC 2017.

[Publication] The paper: An Effective Distributed GHSOM Algorithm for Unsupervised Clustering on Big Data has been published in IEEE BigData Congress 2017, Honolulu, US. Congrats to Chui-Hui Chiu and Jin-Jie Chen.

[Publication] The paper: Content-Sensitive Data Compression for IoT Streaming Services has been published in IEEE ICIOT 2017, Honolulu, US. Congrats to Chun-Chi Hsu and Yuan-Ting Fang. (short paper)

[Publication] The paper: Adaptive Social Network Services: The Practice of 9EMBA.com  has been published in IEEE EDGE 2017, Honolulu, US. Congrats to Chiou-Yi Cheng. Joint work with Yao-Huang Lin. (short paper)

[Visiting Scholar] Dr. Fang Yu serves the associate research scientist for the visit of Prof. Tevfik Bultan and VLab, University of California Santa Barbara in  July-Dec. 2016.

[Services] Dr. Fang Yu serves the program committee of NETYS 2017. Please consider to submit your articles.

[Award] Chun-Tai Lin is awarded the MOST undergraduate student research grant, 2016-2017.

[Publication] The paper: Optimal Sanitization Synthesis for Web Application Vulnerability Repair has been published in ACM ISSTA 2016, Germany. Congrats to Ching-Yuan Shueh and Chun-Han Lin. Joint work with Dr. Yu-Fang Chen, Dr. Bow-Yaw Wang and Prof. Tevfik Bultan.

[Publication] The paper: String Analysis via Automata Manipulation with Logic Circuit Representation has been published in CAV 2016, Toronto, CA. Congrats to Chun-Han Lin. Joint work with Hung-En Wang, Tzung-Lin Tsai, and Prof. Jie-Hong Jiang.

[Publication] The paper: Simulating Time-Varying Demand Services with Queuing Models has been published in IEEE SCC 2016, San Francisco, US. Congrats to Hsuan-Kai Chu. Joint work with Dr. Wan-Ping Chen. (application track)

[Publication] The paper: Gnafuy: a framework for ubiquitous computation has been published in IEEE Cloud 2016, San Francisco, US. Congrats to Jin-Jie Chen. (short paper)

[Publication] The paper: AppReco: Bahvior-aware Recommendation for iOS Mobile Applications has been published in IEEE ICWS 2016, San Francisco, US. Congrats to Zhi-Ruey Fang and Shu-Wei Huang. (application track)

[Publication] The book: Managing Innovation and Cultural Management in the Digital Era: The Case of the National Palace Museum edited by Prof. R. H. Tsaih and Prof. T.S. Han has been published. Dr. Fang Yu contributed the chapter: Investigating Security Mechanisms for ICT-enabled Services of the National Palace Museum. 2016. [Routledge Book].

[Services] Dr. Fang Yu serves the program committee of IEEE SCC 2016. Please consider to submit your articles.

[Presentation] Chun-Han Lin and Shu-Wei Huang present “SpaceConnection” and “AppReco” in WAVAS 2015.

[Publication] The paper: VISO: Characterizing Malicious Behaviors of Virtual Machines With Unsupervised Clustering has been accepted as a regular paper by IEEE CloudCom 2015, Vancouver, 2015. Congrats to Yen-Han Li. Joint work with Dr.Yue-Ruey Tzeng.

[Industry Collaboration] Soslab initiates the intelligent green energy project with Wieson Tech. [lightfarm, news].

[Publication] The paper: Network-Traffic Anomaly Detection with Incremental Majority Learning has been accepted by IJCNN, Ireland, 2015. Joint work with Dr. Shinying Huang, Prof. Ruahuan Tsaih, and Prof. Yennun Huang.

[Publication] The paper: Space Connection: A New 3D Tele-Immersion Platform for Web-based Gesture-collaborative Games and Services has been accepted by ACM GAS@ICSE, Florence, Italy 2015.

[Services] Dr. Fang Yu serves the program committee of IEEE SCC 2015 and CloudCom 2015. Please consider to submit your articles.

[Award] Congrats to John Lin, Fifi Sun, Erine Ho and Spencer Lin to win the 2nd place of 2015 Microsoft Imagine Cup in the Taiwan Final Competition. The team also won the Merit award of the International student projects in Asia Pacific ICT Award (APICTA 2014), Jakarta, Indonesia, the Best Innovation Award in InnoServe Contest 2014, Taiwan, and was the first-prize winner of the MIS project competition, NCCU.

[Tutorial talk] Prof. Tevfik Bultan and Dr. Fang Yu gave a tutorial talk on String analysis in the 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2014), Hong Kong, Nov. 2014

[Services] Dr. Fang Yu serves the program committee of IEEE CloudCom 2014. Please consider to submit your articles.

[Award] Yi-Ann Lin receives the 2013 MOST innovative research award. Pei-Yu Sun is awarded the MOST undergraduate student research grant, 2014-2015.

[Presentation] Dr. Fang Yu gave an invited talk on Detecting and Patching Web Application Vulnerabilities in 2014 Big Data Workshop (BigData2014), Hong Kong, April, 2014.

[Publication] The paper: Resistant Learning on the Envelope Bulk for Identifying Anomalous Patterns has been accepted by IJCNN, Beijin, 2014. Joint work with Dr. Shinying Huang, Prof. Ruahuan Tsaih, and Prof. Yennun Huang.

[Best Paper Award] “Patcher: An Online Service for Detecting, Patching and Viewing Web Application Vulnerabilities.” The best paper award in HICSS 47 (Software Technology).

[Journal Publication] The paper: Topological Pattern Discovery and Feature Extraction for Fraudulent Financial Reporting has been accepted for publication in Expert Systems with Applications (SCI). Joint work with Dr. Shin-Ying Huang and Prof. Rua-Huan Tsaih.

[Services] I am serving the program committee of ACM LCTES 2014 and IEEE BigData 2014 (Taipei Satellite Session). Please consider to submit your articles.

[Award] Soslab virtualization introspection system was the winner of cloud security in the 2013 ITRI iSecurity project [digitimes]. 

[Publication] The paper: Securing KVM-based Cloud Systems via Virtualization Introspection has been accepted by the HICSS 47. Hawaii, U.S. 2014. Congrats to Sheng-Wei Lee.

[Journal Publication] The paper: Automata-based Symbolic String Analysis for Vulnerability Detection has been published in Formal Methods in System Design (SCI).  Joint work with Dr. Muath Alkahalaf and Prof. Tevfik Bultan.

[Presentation] Dr. Fang Yu gave an invited talk on Detecting and Patching Web Application Vulnerabilities in the International Conference on Arts, Culture, New Media, and Entertainment (EITA New Media), Taipei, Nov. 2013.

[Award] Wei-Shao Tang and Yi-Ann Lin are awarded the NSC undergraduate student research grant, 2013-2014.

[Publication] The paper: A Control Policy for $gamma$-Nets without Reachability Analysis and Siphon Enumeration has been accepted by the 9th IEEE International Conference on Automation Science and Engineering (CASE 2013). Wisconsin, U.S.  (joint work with Dr. Wenhui Wu and Prof. Daniel Yuh Chao)

[Publication] The paper: AppBeach: Characterizing App Behaviors via Static Binary Analysis has been accepted by the IEEE 2nd International Conference on Mobile Services (MS 2013). Santa Clara, U.S.

[Publication] The paper: Clustering iOS Executable Using Self-Organization Maps has been accepted by the 2013 International joint Conference on Neural Networks (IJCNN 2013). Dallas, U.S. (joint work with Hsin-Yin Huang and Prof. Rua-Huan Tsaih)

[Publication] The paper: Quantitative Analysis of Cloud-based Streaming Services has been accepted by the IEEE 10th International Conference on Services Computing (IEEE SCC 2013). Santa Clara, U.S. (joint work with Prof. Yat-Wah Wan and Prof. Rua-Huan Tsaih)

[Journal Publication] The paper: A Control Policy for a Subclass of Petri Nets without Reachability Analysis has been accepted to be published in the IET Control Theory and Applications (SCI). (joint work with Gaiyun Liu and Prof. Daniel Yuh Chao)

[Competition] Tim Chen, Kai-Chung Hsiao, Hsun-Yao Chen, Yuan-Jie Lee, Hao-Wen Sheng won the first prize of the MIS project competition, NCCU, Dec. 2012. [news] [ctitv][app]

[Publication] The paper: Innovation on Localized Information Exchange: the Services and their Implementation has been accepted by the 2012 International Conference on Innovation Studies (IS 2012), Taipei, Twain.

[Publication] The paper: The Dual Approach for Decision Making has been accepted by DSI 2012, San Francisco. (joint work with Hsin-Yin Huang and Prof. Rua-Huan Tsaih)

[Summer Intern] Steven Tai@TSMC, Sheng-Wei Lee@IBM, Yuan-Jie Li@KPMG (awarded the NSC student project)

[Presentation] Dr. Fang Yu gave an invited talk on Patching Vulnerabilities with Sanitization Synthesis at the Institute of Software, Chinese Academy of Sciences, Beijing, June, 2012. 

[Publication] The paper: Symbolic Consistency Checking of OpenMP Parallel Programs has been accepted by ACM LCTES 2012. (joint work with Prof. Farn Wang and Shun-Chin Yang)

[Presentation] Steven Tai and Yi-Yang Tung present “AppBeach” and “Patcher” in WAVAS 2012.

[Publication] The paper: Enumeration of Reachable and Other States of Simple Version of Systems of Simple Sequential Processes with Resources  (S3PR) has been accepted by IEEE ISIE 2012. (joint work with Prof. Daniel Y. Chao, and Hung-Yi Chen)

[Journal Publication] The paper: A Novel Liveness Condition for S3PGR2 has been published by SAGE TIM. (joint work with Prof. Daniel Y. Chao and Jiun-Ting Chen)

[Journal Publication] The full-version paper: Relational String Verification Using Multi-track Automata has been published in IJFCS.

[Publication] EPTCS 73: Proceedings of the 13th International Worksop on Verification of Infinite State Systems, Taipei, Taiwan, Oct. 2011 (co-chaired with Prof. Chao Wang)

[Publication] The paper: Number of Reachable States for Simple Classes of Petri Nets has been accepted by IEEE IECON 2011. (joint work with Prof. Daniel Y. Chao)

[Publication] The paper: A Temporal Logic for the Interaction of Strategies has been accepted by CONCUR 2011. (joint work with Prof. Farn Wang and Chung-Hao Huang)

[Publication] The paper: String Abstractions for String Verification has been accepted by SPIN 2011.

[Lecture] Formosan Summer School on Logic, Language, and Computation (FLOLAC 2011). [Slides]

[Publication] The paper: Patching Vulnerabilities with Sanitization Synthesis has been accepted by ICSE 2011.

[Award] Dr. Yu’s Dissertation has been nominated to 2010 ACM Doctoral Dissertation Award by UCSB. [Dissertation][Slides][UCSB news]

[Tool] The string analysis tool: StrAnGer can be downloaded from here (by vlab@ucsb).