Song Li's Homepage
Bio
My research primarily focuses on security areas such as web security, system security, and program analysis. My prior work focused on web tracking, but now is directed toward static/dynamic analysis and privacy -- trying to solve real-world challenging problems such as increasing the accuracy and efficiency of vulnerability detection, mobile APP analysis and privacy protection.
Education
Ph.D. in Computer Science, Aug. 2018 - Feb. 2022
Advisor: Dr. Yinzhi Cao
Johns Hopkins University
M.S. in Computer Science and Engineering, Aug. 2015 - May. 2017
Lehigh University
B.S. in Software Engineering, Aug. 2011 - May. 2015
Beijing Institute of Technology
Publications
-
[CCS '23] CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretationto appear in the Proceedings of The ACM Conference on Computer and Communications Security (CCS), 2023
-
[IEEE S&P '23] Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerabilityin the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2023.
-
[USENIX Security '22]Mining Node.js Vulnerabilities via Object Dependence Graph and Queryin the Proceedings of the 31th USENIX Security Symposium, 2022[paper] [source code]
The artifact is evaluated and the results are reproduced by the USENIX AE committee.
Badges: Artifacts Available, Artifacts Functional, Results Reproduced
The research results in 70 CVEs, e.g., CVE-2019-10777 in aws-lambda and CVE-2020-7625 in op-browser. -
[NDSS '22]Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websitesin the Proceedings of Network & Distributed System Security Symposium (NDSS), 2022[paper] [source code]
The research results in 2,738 real-world websites, including ten among the top 1,000 Tranco websites, which are vulnerable to 2,917 zero-day, exploitable prototype pollution vulnerabilities. 48 vulnerabilities further lead to XSS, 736 to cookie manipulations, and 830 to URL manipulations. A detailed list of vulnerable websites(excluding some websites that cannot be reached or are still in the process of vulnerability patching) is here.
-
[AsiaCCS '22] GraphTrack: A Graph-based Cross-Device Tracking Frameworkin the Proceedings of ACM Asia Conference on Computer and Communications Security, 2022.
-
[ESEC/FSE '21]Detecting Node.js Prototype Pollution Vulnerabilities via Object Lookup Analysisin the Proceeding of the ACM Joint European Software Engineering Conference and Symposium on-the Foundations of Software Engineering (ESEC/FSE), 2021[paper] [DOI] [source code]
The research results in 11 CVEs, e.g., CVE-2019-10795 in undefsafe (>5M weekly downloads) and CVE-2020-7643 in paypal-adaptive. -
[IMC '20]Who Touched My Fingerprint? A Large-scale Measurement Study and Classification of Fingerprint Dynamicsin the Proceeding of the Internet Measurement Conference (IMC), 2020
-
[USENIX Security '19]Rendered Private: Making GLSL Execution Uniform to Prevent WebGL-based Browser Fingerprintingin the Proceeding of the 28th USENIX Security Symposium, 2019
-
[CCS '17]Deterministic Browserin the Proceeding of ACM Conference on Computer and Communications Security (CCS), 2017
-
[NDSS '17](Cross-)Browser Fingerprinting via OS and Hardware Level Featuresin the Proceeding of the Annual Network & Distributed System Security Symposium (NDSS), 2017The research is featured by many media outlets, such as
BeepingComputer, ZDNet, Top Tech News, EurekAlert, Ars Technica, Fossbytes, Sci-Tech Today, The Hackers News,
The Register, I Programmer, Digital Journal and IEEE Spectrum