Dr. Xiang Fu

Dr. Xiang Fu

Associate Professor
Department of Computer Science
Hofstra University, Hempstead, NY 11549

Office: Adams 103
Phone: (516) 463-4787
Email: Xiang.Fu@hofstra.edu

News and Announcements

December 25, 2016
Most modern malware are environment sensitive -- they take evasive actions against analysis systems based on virtual machines, emulators, and debuggers. Our new article " On Detecting Environment Sensitivity using Slicing", in Springer Journal of Theoretical Computer Science reveals how slicing can help defeat environment sensitive malware.

April 5, 2016
Another paper on the learning outcome synthesis is published by ACM.

November 5, 2015
Our paper on the automated grading and parallel computing support of the the WISEngineering is published.

Jan 22, 2014
Dr. Xiang Fu is back from sabbatical!

Jan 1, 2014
ICSOC 2013 Proceedings now published by Springer. Details here: Samik Basu, Cesare Pautasso, Liang Zhang, Xiang Fu (Eds.): Service-Oriented Computing - 11th International Conference, ICSOC 2013, Berlin, Germany, December 2-5, 2013, Proceedings. Lecture Notes in Computer Science 8274, Springer 2013, ISBN 978-3-642-45004-4.

December 24, 2013
The journal version of simple linear constraint paper is finally in print. Details below on DBLP: Xiang Fu, Michael C. Powell, Michael Bantegui, Chung-Chih Li: Simple linear string constraints. Formal Asp. Comput. 25(6): 847-891 (2013) Link to full paper at Springer: http://link.springer.com/article/10.1007%2Fs00165-011-0214-3 A draft version of the paper is available here

May 8, 2013
Dr. Xiang Fu will be on sabbatical fall 2013.

May 8, 2013
Dr. Xiang Fu receives the Hofstra 2012-2013 Best Teacher Award (School of Engineering and Applied Sciences).

Apr 25, 2013
Dr. Xiang Fu serves on the programming committee of ACM SAC 2014 SOAP-Track.

Apr 25, 2013
Dr. Xiang Fu is appointed as the program proceedings chair of ICSOC 2013.

Apr 20, 2013
Dr. Xiang Fu serves on the Expert Review Panel of ASE 2013.

Jan 18, 2013
Hofstra's online graduate CS program ranked 10th among the US News Top 100 Online CS Programs!

Dec 14, 2012
ALOAS Prototype is now available for download. Congratulations to my students: Bruno Melo, Diego da Silva, Matheus Finatti, Stephen Cohen, Vinicio Meira. Fantastic job! .

Oct 23, 2012
Malware Analysis Tutorial 34: Evaluation of Automated Malware Analysis Tools CWSandBox, PeID, and Other Unpacking Tools .

Sep 18, 2012
Malware Analysis Tutorial 33: Evaluation of Automated Malware Analysis Systems I (Anubis) .

Aug 15, 2012
Malware Analysis Tutorial 32: Exploration of Botnet Client .

Aug 3, 2012
Malware Analysis Tutorial 31: Exposing Hidden Control Flow L .

July 7, 2012
Malware Analysis Tutorial 30: Self-Overwriting COM Loading for Remote Loading DLL .

June 10, 2012
Malware Analysis Tutorial 29: Stealthy Library Loading II (Using Self-Modifying APC) .

May 29, 2012
Malware Analysis Tutorial 28: Break Max++ Rootkit Hidden Drive Protection .

May 24, 2012
Malware Analysis Tutorial 27: Stealthy Loading of Malicious Driver .

April 12, 2012
Malware Analysis Tutorial 26: Rootkit Configuration .

April 9, 2012
Malware Analysis Tutorial 25: Deferred Procedure Call (DPC) and TCP Connection .

April 6, 2012
Malware Analysis Tutorial 24: Tracing Malicious TDI Network Behaviors of Max++ .

March 28, 2012
Malware Tutorial Analysis 23: Tracing Kernel Data Using Data Breakpoints .

March 23, 2012
Malware Analysis Tutorial 22: IRP Handler and Infected Disk Driver .

March 17, 2012
Malware Analysis Tutorial 21: Hijacking Disk Driver .

March 9, 2012
Malware Analysis Tutorial 20: Kernel Debugging - Intercepting Driver Loading .

March 1, 2012
Malware Analysis Tutorial 19: Anatomy of Infected Driver .

February 25, 2012
Malware Analysis Tutorial 18: Infecting Driver Files (Part II: Simple Infection) .

February 19, 2012
Malware Analysis Tutorial 17: Infecting Driver Files (Part I: Randomly Select a System Module) .

February 9, 2012
Malware Analysis Tutorial 16: Return Oriented Programming (Return to LIBC) Attack .

February 2, 2012
Malware Analysis Tutorial 15: Injecting Thread into a Running Process .

January 31, 2012
Malware Analysis Tutorial 14: Retrieve Self-Decoding Key .

January 24, 2012
Malware Analysis Tutorial 13: Tracing DLL Entry Point .

January 19, 2012
"Simple Linear String Constraints" (DOI: 10.1007/s00165-011-0214-3) to be published by the Journal of Formal Aspects of Computing. This paper contributes in the area of constraint solving and web security. SUSHI solver has been used in discovering SQL injection and XSS vulnerabilities of web applications. A preliminary version is available here. A preview official version is available on the Springer journal site. Paginated jounal version to follow.

January 18, 2012
Malware Analysis Tutorial 12: Debug the Debugger - Fix Module Information and UDD File .

January 15, 2012
Dr. Fu serves as the Web Chair of the 10th International Conference on Service Oriented Computing. Submit to ICSOC'12, the forum for sharing your ground breaking discoveries in the area.

January 10, 2012
Malware Analysis Tutorial 11: Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints .

January 4, 2012
Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools .

December 29, 2011
Malware Analysis Tutorial 9: Encoded Export Table .

December 25, 2011
Malware Analysis Tutorial 8: PE Header and Export Table .

December 14, 2011
Malware Analysis Tutorial 7: Exploring Kernel Data Structure .

December 6, 2011
Malware Analysis Tutorial 6- Self-Decoding and Self-Extracting Code Segment .

October 21, 2011
Malware Analysis Tutorial 5- Int 2D in Max++ (Part III) .

October 15, 2011
Malware Analysis Tutorial 4- Int 2D Anti-Debugging (Part II) is now released.

September 15, 2011
Check out details of Malware Analysis Tutorial 3- Int 2D Anti-Debugging .

September 10, 2011
ICEScrum Server is located at Accessible from Hofstra campus network only!

August 30, 2011
Malware Analysis Tutorial 2- Introduction to Ring3 Debugging is now available!

August 24, 2011
Check out Malware Analysis Tutorial - A Reverse Engineering Approach (Lesson 1: VM Based Analysis Platform)

July 12, 2011
Visit Dr. Fu's Security Blog for articles on malware analysis!

July 11, 2011
Technical report ``Single String Constraint Solver" is available for the technical details of SUSHI 2.0.

July 1, 2011
SUSHI 2.0 now is available for download. The latest version supports the Kaluza string constraint input format and provides various benchmark functions for performance comparison. The SUSHI solver is enhanced with various transformation techniques for broadening its applicability. We provide a VirtualBox image installation for ease the pain of configuration.

October 8, 2010
Dr. Fu will host workshop 17 (Automated Grading) at 2011 CCLI PI Conference in Washington, D.C. on January 26 - 28, 2011.

September 26, 2010
" Evolutionary Security Testing of Web Applications (Fast Abstract) " is accepted for publication at ISSRE'10.

September 21, 2010
" Relational Constraint Driven Test Case Synthesis for Web Applications " is presented at TAV-WEB 2010. PPT slides are available.

September 17, 2010
" Conformance Verification of Privacy Policies " is presented at WSFM 2010. PPT slides are available.

August 11, 2010
SUSHI 1.0 now is available for download. We have fixed several bugs that were recently introduced by mistake. Special attention: Unicode 0xFEFF and 0xFEFE are reserved for begin/end labels in FST.

July 4, 2010
"A String Constraint Solver for Detecting Web Application Vulnerability" is presented at SEKE 2010. PPT slides are available.

July 1, 2010
" Making Failure the Mother of Success " is accepted for publication at FIE 2010.

July 1, 2010
" Work inProgress: Intelligent Project Failure Analysis " is accepted for publication at FIE 2010.

June 12, 2010
SUSHI 0.9 and JavaSye 0.9 are both available for download.

June 1, 2010
We decide to abandon the efforts on the .Net framework. SAFELI will be working on the Java Platform only. At this moment, SAFELI = JavaSye (symbolic execution engine for Java) + SUSHI (string constraint solver). In the future, we will integrate the tool with APOGEE (test case replayer).

June 11, 2010
TAV-WEB 2010 deadline is approaching! Submit a paper here. The workshop is co-organized by Gwen Salan Grenoble INP-INRIA-LIG (France), Xiang Fu Hofstra University (US), and Sylvain Halle Universit du Qubec Montral (Canada).

June 10, 2010
APOGEE is accepted to be presented at 2011 CCLI PI Conference in Washington, D.C. on January 26 - 28, 2011.

May 20, 2010
WS-FM 2010 deadline is approaching! Submit a paper here.

May 15, 2010
Solving string constraint to discover vulnerabilities automatically! A paper on SUSHI constraint solver is accepted by SEKE 2010.

May 10, 2010
Two papers about APOGEE and intuitive project failure analysis are accepted by International Conference on Frontiers in Education. Paper1 (PDF) and Paper2 (PDF)

May 10, 2010
Another two papers on entrepreneurship education in computing accepted by FIE 2010. Paper1 (PDF) and Paper2 (PDF)

April 15, 2010
BAUT a sister system of APOGEE is presented at ITNG'10 by colleagues at SPSU.

April 13, 2010
Does regular replacement sanitation guarantee safety of your web application? Check out our paper. PPT Presentation (PPT) presentation is available.

March 10, 2010
APOGEE presented at SIGCSE 2010! Check out project poster and Handout

June 30, 2009
APOGEE website is now available. Release version 0.9.1 is available for download.

June 1, 2009
NSF-CCLI #0836859 is finally approved by Hofstra admin. The project is now on the track.

March 15, 2009
NSF-CCLI #0836859 is funded by NSF, now waiting for Hofstra approval.