wcventure
Shenzhen University
Paper Accepted By ICSE 2022
Author: Cheng Wen, Mengda He, Bohao Wu, Zhiwu Xu, Shengchao Qin.
Title: Controlled Concurrency Testing via Periodical Scheduling.
21-29th May 2022, PA, USA.
Paper Accepted By ICSE 2020
Author: Cheng Wen, Haijun Wang, Yuekang Li, Shengchao Qin, Yang Liu, Zhiwu Xu, Hongxu Chen, Xiaofei Xie, Geguang Pu and Ting Liu.
Title: MemLock: Memory Usage Guided Fuzzing.
5-1th October 2020, Seoul, South Korea.
Paper Accepted By ICSE 2020
Author: Haijun Wang, Xiaofei Xie, Yi Li, Cheng Wen, Yang Liu, Shengchao Qin, Hongxu Chen and Yulei Sui.
Title: Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities.
5-11th October 2020, Seoul, South Korea.
Paper Accepted By IEEE Transactions on Reliability
Xu, Zhiwu, Cheng Wen, and Shengchao Qin.
Title: Type Learning for Binaries and its Applications.
IEEE Transactions on Reliability (2019).
11th November 2018.
Start PhD in Shenzhen University
I back to Shenzhen University and study PhD in the area of Computer Science.
1th Septemper 2019, Shenzhen University, China.
Best Paper Award on FAMC 2018
Author: Zhiwu Xu, Xiongya Hu, Cheng Wen, and Shengchao Qin.
Title: Extracting Automata from Neural Networks Using Active Learning.
3-4th November 2018, Chongqin, China.
Paper Accepted By FMAC 2018
Author: Zhiwu Xu, Xiongya Hu, Cheng Wen, and Shengchao Qin.
Title: Extracting Automata from Neural Networks Using Active Learning.
3-4th November 2018, Chongqin, China.
Paper Accepted By Science of Computer Programming
Xu, Zhiwu, Cheng Wen, and Shengchao Qin.
Title: State-taint analysis for detecting resource bugs.
Science of Computer Programming 162 (2018): 93-109.
15th September 2018, Elsevier.
Study In Nanyang Technology University
I went to Singapore and studied in Nanyang Technology University as a Non-graduating student!
8th August 2018, Nanyang Technology University, Singapore.
Best Student Paper Award on SmartCom 2017
Author: Xu, Zhiwu, Cheng Wen, Shengchao Qin and Zhong Ming.
Title: Effective Malware Detection Based on Behaviour and Data Features
12th December 2017, Shenzhen, China.
Paper Accepted By SmartCom 2017
Xu, Zhiwu, Cheng Wen, Shengchao Qin and Zhong Ming. Effective Malware Detection Based on Behaviour and Data Features. SmartCom 2017: 53-66
10th-12th December, Shenzhen, China.
Paper Accepted By ICFEM 2017
Zhiwu Xu, Cheng Wen, and Shengchao Qin. Learning Types for Binaries[C]. International Conference on Formal Engineering Methods. Springer, Cham, 2017:430-446.
13-17th November 2017, Xi'an, China.
| Pseudonym | : | wcventure |
| Name | : | Cheng Wen |
| Institution | : | College of Computer Science and Software Engineering, Shenzhen University |
| : | wcventure@outlook.com | |
| Skype | : | wcventure |
| Address | : | Shenzhen City, Guangdong Province, China, 518060 |
| Homepage | : | https://wcventure.github.io/ |
| Github | : | https://github.com/wcventure |
| CSDN | : | https://blog.csdn.net/wcventure |
| Google Scholar | : | https://scholar.google.com/citations?hl=en&user;=wcventure |
文成雕龙与天骄,
心若白云常自在。
雕陂之水清且泚,
龙归洞府暮将雨!
Cheng Wen
About Me
Cheng Wen is a Ph.D. student at the College of Computer Science and Software engineering in Shenzhen University since 2019. Cheng Wen received his bachelor's degree and master's degree in Software Engineering from Shenzhen University in 2015 and 2018 respectively, supervised by Prof. Shengchao Qin and Dr. Zhiwu Xu. He also worked as a visiting researcher at the Cyber Security Lab in Nanyang Technological University Singapore from 2018 to 2019. Cheng Wen's research interest is in the area of Cyber Security (SEC), Programming Language (PL) and Software Engineering (SE). I aim to address SEC problems by developing PL and SE methods, or address PL and SE problems to support SEC analysis. More specifically, He focuses on the use of program analysis, testing and verification techniques for making software systems more secure and reliable. More information here.
Education
-
ShenZhen University, ShenZhen, China
- Ph.D in Computer science and technology
- September 2019 – December 2022
- Supervisor: Prof. Shengchao Qin
-
ShenZhen University, ShenZhen, China
- M.S. in Software Engineering
- September 2015 – June 2018
- Supervisor: Prof. Shengchao Qin
-
ShenZhen University, ShenZhen, China
- B.S. in Software Engineering
- September 2011 – June 2015
Work Experience
-
Huawei Technologies Co., Ltd, Shenzhen, China
- Intern in Trustworthiness Testing Engineering Lab
- September 2021 – December 2022
- Duties included: Controlled Concurrency Testing via Periodical Scheduling, Program Verification with CBMC.
-
Huawei Technologies Co., Ltd, Dongguan, China
- Intern in Data Communication Trustworthiness Enabling and IPD Dept
- September 2020 – March 2021
- Duties included: Formal verification of Secure Boot Module.
-
Nanyang Technological University, Singapore
- Visiting researcher
- July 2018 – September 2019
- Duties included: MemLock: Memory Usage Guided Fuzzing; Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities.
- Co-supervisor: Prof. Yang Liu
-
ShenZhen University, ShenZhen, China
- Research Assistant
- July 2018 – September 2019
- Duties included: Type Learning for Binaries and its Applications; Extracting Automata from Neural Networks Using Active Learning.
- Co-supervisor: Dr. Zhiwu Xu
Pulications
See also at Google Scholar and DBLP.
2022
-
Cheng Wen, Mengda He, Bohao Wu, Zhiwu Xu and Shengchao Qin.
Controlled Concurrency Testing via Periodical Scheduling.
IEEE/ACM 44th International Conference on Software Engineering (ICSE). PA, USA, 21-29th May 2022.
ICSE'22 Artifact Evaluation Committee awarded 
reusable badge and 
available badge for PERIOD!
Learn more at https://sites.google.com/view/period-cct/
PDF, 
BibTex, 
DOI, 
Slides, 
DataSet, 
Video, 
Code
2021
-
Zhiwu Xu, Cheng Wen, Shengchao Qin and Mengda He.
Extracting automata from neural networks using active learning.
PeerJ Computer Science. April 2021.
PDF, BibTex, DOI
2020
-
Cheng Wen, Haijun Wang, Yuekang Li, Shengchao Qin, Yang Liu, Zhiwu Xu, Hongxu Chen, Xiaofei Xie, Geguang Pu and Ting Liu.
MemLock: Memory Usage Guided Fuzzing.
IEEE/ACM 42nd International Conference on Software Engineering (ICSE). Seoul, South Korea, 5-11th July 2020.
ICSE'20 Artifact Evaluation Committee awarded reusable badge and available badge for MemLock!
Learn more at https://wcventure.github.io/MemLock/
PDF, BibTex, DOI, Slides, DataSet, Video, Code
-
Haijun Wang, Xiaofei Xie, Yi Li, Cheng Wen, Yang Liu, Shengchao Qin, Hongxu Chen and Yulei Sui.
Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities.
IEEE/ACM 42nd International Conference on Software Engineering (ICSE). Seoul, South Korea, 5-11 July 2020.
Learn more at https://sites.google.com/view/uafl/
PDF, BibTex, DOI, Slides, DataSet, Video
2019
2018
-
Zhiwu Xu, Xiongya Hu, Cheng Wen, and Shengchao Qin.
Extracting Automata from Neural Networks Using Active Learning.
National Conference on Formal Methods and Applications (FMAC). Chongqin, China. 3-4th Nov 2018.
Best Paper Award
PDF, BibTex, DOI
-
Zhiwu Xu, Cheng Wen, and Shengchao Qin.
State-taint analysis for detecting resource bugs.
Science of Computer Programming. Elsevier, 162:93-109, 15th Sep 2018.
PDF, BibTex, DOI
2017
-
Zhiwu Xu, Cheng Wen, Shengchao Qin and Zhong Ming.
Effective malware detection based on behaviour and data features.
International Conference on Smart Computing and Communication (SmartCom). Springer, Cham, Shenzhen, China. 12-14th Dec 2017.
Best Student Paper Award
PDF, BibTex, DOI, Slides, Code
-
Zhiwu Xu, Cheng Wen, and Shengchao Qin.
Learning types for binaries.
International Conference on Formal Engineering Methods (ICFEM). Springer, Cham, Xi'an, China. 13-17th Nov 2017.
PDF, BibTex, DOI, Slides, DataSet, Code
Misc
Advertisement: We have examined, comb, and summarized hundreds of recently published papers on fuzz testing located by perusing top-conference proceedings and other quality venues, which can be seen at: https://github.com/wcventure/FuzzingPaper. This web is only used for collecting and group related paper. If there are any paper need to be updated, you can contribute PR.
Practical Security Impact
I have found several security-critical vulnerabilities in widely used open-source projects and libraries, such as Bintuils, Elfutils, Libtiff, Binaryen, NASM, MJS, etc.
CVEs List (71 CVEs)
| CVE ID | Package | Vulnerability Type | CVE ID | Package | Vulnerability Type |
|---|---|---|---|---|---|
| CVE-2022-26291 | Lrzip v0.641 | Concurrency Use-after-free | |||
| CVE-2020-36375 | MJS 1.20.1 | Stack Overflow | CVE-2020-36374 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-36373 | MJS 1.20.1 | Stack Overflow | CVE-2020-36372 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-36371 | MJS 1.20.1 | Stack Overflow | CVE-2020-36370 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-36369 | MJS 1.20.1 | Stack Overflow | CVE-2020-36368 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-36367 | MJS 1.20.1 | Stack Overflow | CVE-2020-36366 | MJS 1.20.1 | Stack Overflow |
| CVE-2020-18899 | Exiv2 0.27 | Uncontrolled Memory Allocation | CVE-2020-18898 | Exiv2 0.27 | Stack Overflow |
| CVE-2020-18395 | GNU Gama 2.04 | NULL Pointer Dereference | CVE-2020-18392 | MJS 1.20.1 | Stack Overflow |
| CVE-2019-16166 | GNU cflow 1.6 | Heap Buffer Overflow | CVE-2019-16165 | GNU cflow 1.6 | Use-after-free |
| CVE-2019-15140 | ImageMagick 7.0.8-43 | Use-after-free | CVE-2019-11471 | Libheif v1.4.0 | Use-after-free |
| CVE-2019-7704 | Binaryen 1.38.22 | Uncontrolled Memory Allocation | CVE-2019-7703 | Binaryen 1.38.22 | Use-after-free |
| CVE-2019-7702 | Binaryen 1.38.22 | NULL pointer dereference | CVE-2019-7701 | Binaryen 1.38.22 | Heap Buffer Overflow |
| CVE-2019-7700 | Binaryen 1.38.22 | Heap Buffer Overflow | CVE-2019-7699 | Bento4 v1.5.1-627 | Heap Buffer Overflow |
| CVE-2019-7698 | Bento4 v1.5.1-627 | Uncontrolled Memory Allocation | CVE-2019-7697 | Bento4 v1.5.1-627 | Assertion failed |
| CVE-2019-7665 | Elfutils 0.175 | Heap Buffer Overflow | CVE-2019-7664 | Elfutils 0.175 | negative-size in memcpy |
| CVE-2019-7663 | Libtiff 4.0.10 | Invalid Address Read | CVE-2019-7662 | Binaryen 1.38.22 | Assertion failed |
| CVE-2019-7154 | Binaryen 1.38.22 | Heap Buffer Overflow | CVE-2019-7153 | Binaryen 1.38.22 | NULL pointer dereference |
| CVE-2019-7152 | Binaryen 1.38.22 | Heap Buffer Overflow | CVE-2019-7151 | Binaryen 1.38.22 | NULL pointer dereference |
| CVE-2019-7150 | Elfutils 0.175 | Unknown Crash | CVE-2019-7149 | Elfutils 0.175 | Heap Buffer Overflow |
| CVE-2019-7148 | Elfutils 0.175 | Uncontrolled Memory Allocation | CVE-2019-7147 | NASM 2.14rc16 | Global buffer overflow |
| CVE-2019-6293 | Elfutils 0.175 | Heap Buffer Overflow | CVE-2019-6293 | Flex 2.6.4 | Stack Overflow |
| CVE-2019-6292 | Yaml-cpp v0.6.2 | Stack Overflow | CVE-2019-6291 | NASM 2.14.03rc1 | Stack Overflow |
| CVE-2019-6290 | NASM 2.14.03rc1 | Stack Overflow | CVE-2018-20712 | Binutils 2.31 | Heap Buffer Overflow |
| CVE-2018-20657 | Binutils 2.31 | Memory Leak | CVE-2018-20652 | Tinyexr v0.9.5 | Uncontrolled Memory Allocation |
| CVE-2018-20651 | Binutils 2.31 | Invalid Address Read | CVE-2018-20593 | Mini Xml v2.1 | Stack Buffer Overflow |
| CVE-2018-20592 | Mini Xml v2.1 | Use-after-free | CVE-2018-20591 | libming v0.4.8 | Heap Buffer Overflow |
| CVE-2018-20002 | Binutils 2.31 | Memory Leak | CVE-2018-18701 | Binutils 2.31 | Stack Overflow |
| CVE-2018-18700 | Binutils 2.31 | Stack Overflow | CVE-2018-18607 | Binutils 2.31 | NULL Pointer Dereference |
| CVE-2018-18606 | Binutils 2.31 | NULL Pointer Dereference | CVE-2018-18605 | Binutils 2.31 | Heap Buffer Overflow |
| CVE-2018-18521 | Elfutils 0.174 | Divide-by-zero | CVE-2018-18520 | Elfutils 0.174 | Invalid Address Read |
| CVE-2018-18484 | Binutils 2.31 | Stack Overflow | CVE-2018-18483 | Binutils 2.31 | Integer overflow |
| CVE-2018-18310 | Elfutils 0.174 | Invalid Address Read | CVE-2018-18309 | Binutils 2.31 | Invalid Address Read |
| CVE-2018-17985 | Binutils 2.31 | Stack Overflow | CVE-2018-17795 | LibTIFF 4.0.9 | Heap Buffer Overflow |
| CVE-2018-17794 | Binutils 2.31 | NULL Pointer Dereference | CVE-2018-16403 | Elfutils 0.173 | Heap Buffer Overflow |
| CVE-2018-16402 | Elfutils 0.173 | Double Free | CVE-2018-16062 | Elfutils 0.173 | Heap Buffer Overflow |
Open Source Project
Here are some open-source project. Share it with you in the spirit of open source. more detail can be seen at https://github.com/wcventure.
-
p
(ICSE2022) Controlled Concurrency Testing via Periodical Scheduling
https://github.com/wcventure/PERIOD -
d
MemLock
(ICSE2020) A feed-back directed fuzzer that guided by both memory usage and brach coverage.
https://github.com/wcventure/MemLock-Fuzz
-
m
These are my own summary notes after reading interesting papers. They are posted on CSDN blog.
https://blog.csdn.net/wcventure -
b
(ICFEM2017 / IEEE Transactions on Reliability) Learning Type for Binary / Type Learning for Binaries and its Applications
https://github.com/wcventure/BITY -
e
(SmartCom2017) An Effective Malware Detection based on Behaviour and Data Feature
https://github.com/wcventure/PC-Malware-Sklearner
Gallery
This gallery shows my colorful trace in different activity. Learn more at here.
Activity
I often share papers that I have read on CSDN. Welcome to exchange the view point on interesting research work. I am also an E-sports enthusiast, focusing on E-sports games and host games. If you want to play with me, you can add me to your friend list.
wcventure
CSDN
I have a blog of CSDN. After reading some interesting papers, I often share my experience on CSDN blog. Sometimes I will provide some translation of English papers.
wcventure
Github
This is my GitHub homepage. My GitHub is mainly used to publish open source projects and published papers. I often focus on the general trend of affairs of GitHub.
wcventure
Steam Community
My ID in Steam Community is wcventure. I've played a lot of interesting games. I will continue to be active in the steam community.
136025205
DOTA2
I like DOTA2 very much and focus on the TI competition every year. I believe that "CN DOTA, the best DOTA". I would like to thank all of the players, talent, and everyone in the Dota community for helping bring this game to life.
wcventure
Youku
I am also a video game maker. I often record video games and publish my game strategy. I used to do live broadcast on Douyu TV. My Youku channel also has many people's attention.
计算机论文笔记-wcventure
Zhihu
The articles in my Zhihu homepage ususlly is same as the articles in my CSDN homepage. After reading some interesting papers, I often share my experience on CSDN blog. Sometimes I will provide some translation of English papers.