Short Bio
Dr. Wenbo Shen is a ZJU100 Young Professor at Zhejiang University. His research interests are operating system security, container security, and software supply chain security. He has published over 50 research papers at top-tier academic conferences. Dr. Wenbo Shen is a recipient of four distinguished paper awards (ESORICS 24, ACSAC 22, AsiaCCS 17, NDSS 16). His research work on Real-time Kernel Protection (RKP) has been deployed on hundreds of millions of devices.
Research
Dr. Wenbo Shen and his team concentrate on two primary areas. [Full paper list]
- Operating System Kernel Security: 1) performing OS kernel analysis to discover and eliminate new attack surfaces and vulnerabilities; 2) utilizing current hardware capabilities to develop innovative software-based protection strategies for the kernel; 3) leveraging software-hardware co-design to create new hardware features for system and software security.
- ACM CCS 24: CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon
- USENIX SEC 24: DMAAUTH: A Lightweight Pointer Integrity-based Secure Architecture to Defeat DMA Attacks
- ESORICS 24 [Distinguished Paper (1/535)]: Interp-flow Hijacking: Launching Non-control Data Attack via Hijacking eBPF Interpretation Flow
- Black Hat USA 24: PageJack: A Powerful Exploit Technique With Page-Level UAF
- USENIX SEC 23: Demystifying Pointer Authentication on Apple M1
- USENIX SEC 23: A Hybrid Alias Analysis and Its Application to Global Variable Protection in the Linux Kernel
- Black Hat USA 23: Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1
- TDSC 23: kCPA: Towards Sensitive Pointer Full Life Cycle Authentication for OS Kernels
- TDSC 22: Automatic Permission Check Analysis for Linux Kernel
- DAC 22: RegVault: Hardware Assisted Selective Data Randomization for Operating System Kernels
- USENIX SEC 19: PeX: A Permission Check Analysis Framework for Linux Kernel
- NDSS 16 [Distinguished Paper]: SKEE: A lightweight Secure Kernel-level Execution Environment for ARM
- ACM CCS 14: Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World
- Container and Software Security: 1) conducting both static and dynamic analysis to enhance the security of container and cloud-native systems; 2) analyzing and securing software dependencies and programming language features to improve software supply chain security.
- S&P 25: My Model is Malware to You: Transforming AI Models into Malware by Abusing TensorFlow APIs
- TDSC 24: Towards Understanding and Defeating Abstract Resource Attacks for Container Platforms
- ICSE 24: ModuleGuard: Understanding and Detecting Module Conflicts in Python Ecosystem
- ICSE 24: Demystifying Compiler Unstable Feature Usage and Impacts in the Rust Ecosystem
- ACM CCS 23: Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications
- USENIX SEC 23: Attacks are Forwarded: Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
- TDSC 23: Ambush from All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines
- ACSAC 22 [Distinguished Paper (3/303)]: Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms
- ACM CCS 21: Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization, ACM CCS 2021
Background
- 2019 - Now, Zhejiang University (China), College of Computer Science and Technology, ZJU100 Professor
- 2015 - 2019, Samsung Research America (USA), Tech Lead of Real-time Kernel Protection (RKP)
- 2010 - 2015, North Carolina State University (USA), Ph.D of Computer Science
- 2006 - 2010, Harbin Institute of Technology (China), B.Eng of Software Engineering
Awards
- Distinguished Paper Award by European Symposium on Research in Computer Security (ESORICS), 2024 (1/535)
- Distinguished Paper Award by Annual Computer Security Applications Conference (ACSAC), 2022, (3/303)
- Distinguished Paper Award by ACM Asia Conference on Computer and Communications Security (ASIACCS), ACM SIGSAC, 2017
- Distinguished Paper Award by Network and Distributed System Security Symposium (NDSS), 2016