軟體安全實驗室

SOftware SECURITY LAbORATORY

DEpT. Management Information Systems

College of Commerce, National Chengchi University

 
 

The Software Security Laboratory (SoSLab, pronounced so-slab) at NCCU is led by Dr. Fang Yu.  General research interests of SoSLab span the areas of security, verification, and program analysis techniques with the aim of improving the correctness and reliability of software. Our goal is to investigate formal techniques and develop practical tools for system developers and public users who made SOS (Secure Our Software) calls. Our current research addresses Web/Cloud/App security and vulnerabilities.


 

Fang Yu: Welcome to SoSLab@NCCU

Be alert to the surroundings.

You might be shocked when you explore the risk of software applications.


News

ICSE Submission in

Conference Deadline:

ACM ICSE‘16    Aug. 26

soslab

Links

[Visiting Scholar] I visited Prof. Tevfik Bultan and VLab, University of California Santa Barbara.  July to Dec. 2016. 
[Publication] The paper: Optimal Sanitization Synthesis for Web Application Vulnerability Repair has been accepted by ACM ISSTA 2016, Germany. Congrats to Ching-Yuan Shueh and Chun-Han Lin. Joint work with Dr. Yu-Fang Chen, Dr. Bow-Yaw Wang and Prof. Tevfik Bultan. 
[Publication] The paper: String Analysis via Automata Manipulation with Logic Circuit Representation has been accepted by CAV 2016, Toronto, CA. Congrats to Chun-Han Lin. Joint work with Hung-En Wang, Tzung-Lin Tsai, and Prof. Jie-Hong Jiang.
[Publication] The paper: Simulating Time-Varying Demand Services with Queuing Models has been accepted as an application track paper by IEEE SCC 2016, San Francisco, US. Congrats to Hsuan-Kai Chu. Joint work with Dr. Wan-Ping Chen.
[Publication] The paper: Gnafuy: a framework for ubiquitous computation has been accepted as a short paper by IEEE Cloud 2016, San Francisco, US. Congrats to Jin-Jie Chen.
[Publication] The paper: AppReco: Bahvior-aware Recommendation for iOS Mobile Applications has been accepted as an application track paper by IEEE ICWS 2016, San Francisco, US. Congrats to Zhi-Ruey Fang and Shu-Wei Huang.
[Publication] The book: Managing Innovation and Cultural Management in the Digital Era: The Case of the National Palace Museum edited by Prof. R. H. Tsaih and Prof. T.S. Han has been published. Dr. Fang Yu contributed the chapter: Investigating Security Mechanisms for ICT-enabled Services of the National Palace Museum. 2016. [Routledge Book].
[Services] Dr. Fang Yu serves the program committee of IEEE SCC 2016. Please consider to submit your articles.
[Presentation] Chun-Han Lin and Shu-Wei Huang present “SpaceConnection” and “AppReco” in WAVAS 2015.
[Publication] The paper: VISO: Characterizing Malicious Behaviors of Virtual Machines With Unsupervised Clustering has been accepted as a regular paper by IEEE CloudCom 2015, Vancouver, 2015. Congrats to Yen-Han Li. Joint work with Dr.Yue-Ruey Tzeng. 
[Industry Collaboration] Soslab initiates the intelligent green energy project with Wieson Tech. [lightfarm, news].
[Publication] The paper: Network-Traffic Anomaly Detection with Incremental Majority Learning has been accepted by IJCNN, Ireland, 2015. Joint work with Dr. Shinying Huang, Prof. Ruahuan Tsaih, and Prof. Yennun Huang.
[Publication] The paper: Space Connection: A New 3D Tele-Immersion Platform for Web-based Gesture-collaborative Games and Services has been accepted by ACM GAS/ICSE, Florence, Italy 2015.
[Services] Dr. Fang Yu serves the program committee of IEEE SCC 2015 and CloudCom 2015. Please consider to submit your articles.
[Award] Congrats to John Lin, Fifi Sun, Erine Ho and Spencer Lin to win the 2nd place of 2015 Microsoft Imagine Cup in the Taiwan Final Competition. The team also won the Merit award of the International student projects in Asia Pacific ICT Award (APICTA 2014), Jakarta, Indonesia, the Best Innovation Award in InnoServe Contest 2014, Taiwan, and was the first-prize winner of the MIS project competition, NCCU. 
[Tutorial talk] Prof. Tevfik Bultan and Dr. Fang Yu gave a tutorial talk on String analysis in the 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2014), Hong Kong, Nov. 2014
[Services] Dr. Fang Yu serves the program committee of IEEE CloudCom 2014. Please consider to submit your articles.
[Award] Yi-Ann Lin receives the 2013 MOST innovative research award. Pei-Yu Sun is awarded the MOST undergraduate student research grant, 2014-2015.
[Presentation] Dr. Fang Yu gave an invited talk on Detecting and Patching Web Application Vulnerabilities in 2014 Big Data Workshop (BigData2014), Hong Kong, April, 2014.
[Publication] The paper: Resistant Learning on the Envelope Bulk for Identifying Anomalous Patterns has been accepted by IJCNN, Beijin, 2014. Joint work with Dr. Shinying Huang, Prof. Ruahuan Tsaih, and Prof. Yennun Huang.
[Best Paper Award] “Patcher: An Online Service for Detecting, Patching and Viewing Web Application Vulnerabilities.” The best paper award in HICSS 47 (Software Technology).
[Journal Publication] The paper: Topological Pattern Discovery and Feature Extraction for Fraudulent Financial Reporting has been accepted for publication in Expert Systems with Applications (SCI). Joint work with Dr. Shin-Ying Huang and Prof. Rua-Huan Tsaih.
[Services] I am serving the program committee of ACM LCTES 2014 and IEEE BigData 2014 (Taipei Satellite Session). Please consider to submit your articles.
[Award] Soslab virtualization introspection system was the winner of cloud security in the 2013 ITRI iSecurity project [digitimes].  
[Publication] The paper: Securing KVM-based Cloud Systems via Virtualization Introspection has been accepted by the HICSS 47. Hawaii, U.S. 2014. Congrats to Sheng-Wei Lee.
[Journal Publication] The paper: Automata-based Symbolic String Analysis for Vulnerability Detection has been published in Formal Methods in System Design (SCI).  Joint work with Dr. Muath Alkahalaf and Prof. Tevfik Bultan.
[Presentation] Dr. Fang Yu gave an invited talk on Detecting and Patching Web Application Vulnerabilities in the International Conference on Arts, Culture, New Media, and Entertainment (EITA New Media), Taipei, Nov. 2013.
[Award] Wei-Shao Tang and Yi-Ann Lin are awarded the NSC undergraduate student research grant, 2013-2014.
[Publication] The paper: A Control Policy for $gamma$-Nets without Reachability Analysis and Siphon Enumeration has been accepted by the 9th IEEE International Conference on Automation Science and Engineering (CASE 2013). Wisconsin, U.S.  (joint work with Dr. Wenhui Wu and Prof. Daniel Yuh Chao)
[Publication] The paper: AppBeach: Characterizing App Behaviors via Static Binary Analysis has been accepted by the IEEE 2nd International Conference on Mobile Services (MS 2013). Santa Clara, U.S. 
[Publication] The paper: Clustering iOS Executable Using Self-Organization Maps has been accepted by the 2013 International joint Conference on Neural Networks (IJCNN 2013). Dallas, U.S. (joint work with Hsin-Yin Huang and Prof. Rua-Huan Tsaih)
[Publication] The paper: Quantitative Analysis of Cloud-based Streaming Services has been accepted by the IEEE 10th International Conference on Services Computing (SCC 2013). Santa Clara, U.S. (joint work with Prof. Yat-Wah Wan and Prof. Rua-Huan Tsaih)
[Journal Publication] The paper: A Control Policy for a Subclass of Petri Nets without Reachability Analysis has been accepted to be published in the IET Control Theory and Applications (SCI). (joint work with Gaiyun Liu and Prof. Daniel Yuh Chao)
[Competition] Tim Chen, Kai-Chung Hsiao, Hsun-Yao Chen, Yuan-Jie Lee, Hao-Wen Sheng won the first prize of the MIS project competition, NCCU, Dec. 2012. [news] [ctitv][app]
[Publication] The paper: Innovation on Localized Information Exchange: the Services and their Implementation has been accepted by the 2012 International Conference on Innovation Studies (IS 2012), Taipei, Twain. 
[Publication] The paper: The Dual Approach for Decision Making has been accepted by DSI 2012, San Francisco. (joint work with Hsin-Yin Huang and Prof. Rua-Huan Tsaih)
[Summer Intern] Steven Tai@TSMC, Sheng-Wei Lee@IBM, Yuan-Jie Li@KPMG (awarded the NSC student project)
[Presentation] Dr. Fang Yu gave an invited talk on Patching Vulnerabilities with Sanitization Synthesis at the Institute of Software, Chinese Academy of Sciences, Beijing, June, 2012.  
[Publication] The paper: Symbolic Consistency Checking of OpenMP Parallel Programs has been accepted by ACM LCTES 2012. (joint work with Prof. Farn Wang and Shun-Chin Yang)
[Presentation] Steven Tai and Yi-Yang Tung present “AppBeach” and “Patcher” in WAVAS 2012.
[Publication] The paper: Enumeration of Reachable and Other States of Simple Version of Systems of Simple Sequential Processes with Resources  (S3PR) has been accepted by IEEE ISIE 2012. (joint work with Prof. Daniel Y. Chao, and Hung-Yi Chen)
[Journal Publication] The paper: A Novel Liveness Condition for S3PGR2 has been published by SAGE TIM. (joint work with Prof. Daniel Y. Chao and Jiun-Ting Chen)
[Journal Publication] The full-version paper: Relational String Verification Using Multi-track Automata has been published by IJFCS.
[Publication] EPTCS 73: Proceedings of the 13th International Worksop on Verification of Infinite State Systems, Taipei, Taiwan, Oct. 2011 (co-chaired with Prof. Chao Wang)
[Publication] The paper: Number of Reachable States for Simple Classes of Petri Nets has been accepted by IEEE IECON 2011. (joint work with Prof. Daniel Y. Chao)
[Publication] The paper: A Temporal Logic for the Interaction of Strategies has been accepted by CONCUR 2011. (joint work with Prof. Farn Wang and Chung-Hao Huang)
[Publication] The paper: String Abstractions for String Verification has been accepted by SPIN 2011. 
[Lecture] Formosan Summer School on Logic, Language, and Computation (FLOLAC 2011). [Slides]
[Publication] The paper: Patching Vulnerabilities with Sanitization Synthesis has been accepted by ICSE 2011.
[Award] Dr. Yu’s Dissertation has been nominated to 2010 ACM Doctoral Dissertation Award by UCSB. [Dissertation][Slides][UCSB news]
[Tool] The string analysis tool: StrAnGer can be downloaded from here (by vlab@ucsb).https://issta2016.cispa.saarland/program/https://issta2016.cispa.saarland/program/http://i-cav.org/2016/http://thescc.org/2016/http://www.thecloudcomputing.org/2016/http://icws.org/2016/https://books.google.com.tw/books?hl=en&lr=&id=zD9-CwAAQBAJ&oi=fnd&pg=PA200&dq=info:Vbdb-4WAUcIJ:scholar.google.com&ots=0CztGV4ZqL&sig=qIp32prwREja51n2Tb7_1uBQZ2g&redir_esc=y#v=onepage&q&f=falsehttp://thescc.org/2016/http://thescc.org/2016/http://cc.ee.ntu.edu.tw/~wavas/WAVAS07.151020/http://2015.cloudcom.orghttp://www.wieson.com/go/en/wieson/http://www.lightfarm.wieson.comhttp://140.119.168.11/zh_tw/news/%E5%AD%B8%E8%A1%93%E7%A0%94%E7%A9%B6%E5%95%86%E5%93%81%E5%8C%96-%E8%B3%87%E7%AE%A1%E5%B0%88%E9%A1%8C%E4%BD%9C%E5%93%81%E6%8E%88%E6%AC%8A%E7%94%A2%E6%A5%AD-4606182http://conferences.computer.org/scc/2015/http://conferences.computer.org/scc/2015/http://2015.cloudcom.orghttp://apicta.net/aspiluki/http://fse22.gatech.edu/tutorials#stringshttp://fse22.gatech.eduhttp://2014.cloudcom.orghttp://www.cintec.cuhk.edu.hk/2014BDWorkshop/index.htmlhttp://www.hicss.hawaii.edu/hicss_47/apahome47.htmhttp://www.ittc.ku.edu/lctes14/http://www.ieeebigdata.org/2014/satellite/taipei/index.htmlhttp://www.digitimes.com.tw/tw/dt/n/shwnws.asp?CnlID=13&cat=10&id=0000356308_9JB4NBAILTR9ZI9EB4JG4&ct=1http://www.eitc.org/conferences/eita-new-media-2013http://www.eitc.org/conferences/eita-new-media-2013http://www.case2013.org/http://www.themobileservices.org/2013/http://www.ijcnn2013.orghttp://conferences.computer.org/scc/2013/http://www.nccu.edu.tw/news/detail.php?news_id=4901http://www.ctitv.com.tw/news_video_c18v89805.htmlhttp://itunes.apple.com/tw/app/ai-ni-na-bian-tian-qi-ru-he/id539197991?mt=8http://conference.nccu.edu.tw/actnews/index.php?Sn=40http://www.decisionsciences.org/Annualmeeting/default.asphttp://lctes12.cs.purdue.edu/http://www2.ee.ntu.edu.tw/~wavas/http://www.isie2012.com/http://tim.sagepub.com/content/early/2012/02/06/0142331211432951.abstracthttp://www.worldscinet.com/ijfcs/22/2208/S0129054111009112.htmlhttp://eptcs.org/content.cgi?INFINITY2011http://www.iecon2011.org/http://concur2011.rwth-aachen.de/http://research.microsoft.com/en-us/um/redmond/events/spin2011/http://flolac.iis.sinica.edu.tw/flolac11/zh-tw/start.htmlhttp://www3.nccu.edu.tw/~yuf/slides/string.pdfhttp://2011.icse-conferences.org/http://www3.nccu.edu.tw/~yuf/dissertation.pdfhttp://www3.nccu.edu.tw/~yuf/defense.pdfhttp://www.cs.ucsb.edu/common/wordpress/?p=813http://www.cs.ucsb.edu/common/wordpress/?p=813http://www.cs.ucsb.edu/~vlab/strangerhttp://http://fse22.gatech.edu/tutorials#stringsshapeimage_9_link_0shapeimage_9_link_1shapeimage_9_link_2shapeimage_9_link_3shapeimage_9_link_4shapeimage_9_link_5shapeimage_9_link_6shapeimage_9_link_7shapeimage_9_link_8shapeimage_9_link_9shapeimage_9_link_10shapeimage_9_link_11shapeimage_9_link_12shapeimage_9_link_13shapeimage_9_link_14shapeimage_9_link_15shapeimage_9_link_16shapeimage_9_link_17shapeimage_9_link_18shapeimage_9_link_19shapeimage_9_link_20shapeimage_9_link_21shapeimage_9_link_22shapeimage_9_link_23shapeimage_9_link_24shapeimage_9_link_25shapeimage_9_link_26shapeimage_9_link_27shapeimage_9_link_28shapeimage_9_link_29shapeimage_9_link_30shapeimage_9_link_31shapeimage_9_link_32shapeimage_9_link_33shapeimage_9_link_34shapeimage_9_link_35shapeimage_9_link_36shapeimage_9_link_37shapeimage_9_link_38shapeimage_9_link_39shapeimage_9_link_40shapeimage_9_link_41shapeimage_9_link_42shapeimage_9_link_43shapeimage_9_link_44shapeimage_9_link_45shapeimage_9_link_46shapeimage_9_link_47shapeimage_9_link_48shapeimage_9_link_49shapeimage_9_link_50shapeimage_9_link_51shapeimage_9_link_52shapeimage_9_link_53