About

CV (Chinese Version)

I am a Ph.D. student at the University of Chinese Academy of Sciences. I am doing research in the VUL337 laboratory at Tsinghua University, under the guidance of Professor Chao Zhang.

My current research focuses on confidential computing (TEE for cloud), privacy computing (TEE & MPC), fuzzing, and static program analysis. In privacy computing, I am interested in using hardware capabilities to protect data privacy and promote data value generation, and protect the security of AI models during delivery and deployment. In confidential computing, I am interested in the application of TEE and the side channel attack and defense against CPU and TEE. In addition, we hope to use AI to generate software based on “genes” and design the next generation of hardware in the future.

Education

University of Chinese Academy of Sciences September 2021 - Today

Doctor of Philosophy - Cyberspace Security

University of Chinese Academy of Sciences September 2018 - July 2021

Master of Engineering - Computer Science

Beijing Jiaotong University September 2014 - July 2018

Bachelor of Engineering - Cyberspace Security & Finance (Dual Degree)

Publications

  1. EnclaveFuzz: Finding Vulnerabilities in SGX Applications (GitHub)
    Liheng Chen, Zheming Li, Zheyu Ma, Yuan Li, Baojian Chen, Chao Zhang.
    ISOC Network and Distributed System Security Symposium (NDSS), 2024

  2. Graphuzz: Data-driven Seed Scheduling for Coverage-guided Greybox Fuzzing (GitHub)
    Hang Xu, Liheng Chen, Shuitao Gan, Chao Zhang, Zheming Li, Jiangan Ji, Baojian Chen, Fan Hu.
    ACM Transactions on Software Engineering and Methodology (TOSEM), 2024

  3. Partial-SMT: Core-scheduling protection against SMT contention-based attacks
    Xiaohui Wu, Yeping He, Qiming Zhou, Hengtai Ma, Liang He, Wenhao Wang, Liheng Chen.
    IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2020

Projects

(W.I.P.) Responsible for the security and functional testing of SecretFlow from Ant group (collaboration between school and enterprise). We have combined manual auditing and automated testing to discover several design and code implementation issues. The current goal is to officially release the SecretFlow. At the same time, we are relying on the project to carry out research points such as MPC framework differential testing and Fuzzing Roadblocks bypass.

(W.I.P.) Responsible for the design of advertising delivery platforms (demand-side platforms and data management platforms), focusing on providing privacy computing capabilities and working with data partners to build more powerful user portraits.

Skill

Language: relatively proficient in C++ (300k+ development)/Python, with some experience in OCaml/Rust.

Architecture: relatively proficient in linux user-mode programs/compilers, with some experience in CPU/kernel & drivers/virtual machines.