Professor Lu Earns Outstanding Paper Award

Professor Kangjie Lu
December 6, 2019

Professor Kangjie Lu was recently recognized for excellence by the security community at the ACM SIGSAC Conference on Computer and Communications Security in London. His paper, Where Does It Go? Refining Indirect-Call Targets with Multi-Layer Type Analysis, received the top honor—the competitive Outstanding Paper Award—from a field of 947 submissions.

Lu's paper addresses a fundamental and challenging problem in the areas of systems security and software engineering. Program analysis techniques and control-flow protection generally require a precise call-graph. The presented approach, Multi-Layer Type Analysis, can statically and precisely construct such a call-graph for software programs with many target-undecidable indirect function calls. While being precise, the approach can quickly analyze millions of lines of code within a minute. The paper also demonstrated how to use the approach to dramatically improve static analysis and effectively find deep bugs.

“Many important problems in systems security have been open for a long time, and precisely identifying indirect-call targets is an example of such problems.” Lu said, “I am excited and fortunate to work on these problems with my brilliant collaborators and students.”

The paper was coauthored with Hong Hu, a research scientist from the Georgia Institute of Technology.

Lu’s ongoing research strives to develop building blocks for systems security, to automatically uncover and address security problems, and to harden widely used systems while preserving their reliability and efficiency. He has developed multiple systems and tools that prevent advanced attacks, eliminate vulnerabilities, and detect privacy leaks, and his work has resulted in many updates in popular systems such as the Linux kernel, the Android OS, and Apple’s iOS.

About the ACM SIGSAC CCS
The ACM Conference on Computer and Communications Security (CCS) is considered a top-tier conference in computer security. The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results.