Dr. Xiang Fu

Dr. Xiang Fu

Associate Professor
Department of Computer Science
Hofstra University, Hempstead, NY 11549

Office: Adams 202
Phone: (516) 463-4787
Email: Xiang.Fu@hofstra.edu

News and Announcements

February 9, 2012
Malware Analysis Tutorial 16: Return Oriented Programming (Return to LIBC) Attack .

February 2, 2012
Malware Analysis Tutorial 15: Injecting Thread into a Running Process .

January 31, 2012
Malware Analysis Tutorial 14: Retrieve Self-Decoding Key .

January 24, 2012
Malware Analysis Tutorial 13: Tracing DLL Entry Point .

January 19, 2012
"Simple Linear String Constraints" (DOI: 10.1007/s00165-011-0214-3) to be published by the Journal of Formal Aspects of Computing. This paper contributes in the area of constraint solving and web security. SUSHI solver has been used in discovering SQL injection and XSS vulnerabilities of web applications. A preliminary version is available here. A preview official version is available on the Springer journal site. Paginated jounal version to follow.

January 18, 2012
Malware Analysis Tutorial 12: Debug the Debugger - Fix Module Information and UDD File .

January 15, 2012
Dr. Fu serves as the Web Chair of the 10th International Conference on Service Oriented Computing. Submit to ICSOC'12, the forum for sharing your ground breaking discoveries in the area.

January 10, 2012
Malware Analysis Tutorial 11: Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints .

January 4, 2012
Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools .

December 29, 2011
Malware Analysis Tutorial 9: Encoded Export Table .

December 25, 2011
Malware Analysis Tutorial 8: PE Header and Export Table .

December 14, 2011
Malware Analysis Tutorial 7: Exploring Kernel Data Structure .

December 6, 2011
Malware Analysis Tutorial 6- Self-Decoding and Self-Extracting Code Segment .

October 21, 2011
Malware Analysis Tutorial 5- Int 2D in Max++ (Part III) .

October 15, 2011
Malware Analysis Tutorial 4- Int 2D Anti-Debugging (Part II) is now released.

September 15, 2011
Check out details of Malware Analysis Tutorial 3- Int 2D Anti-Debugging .

September 10, 2011
ICEScrum Server is located at 147.47.180.175:8080/icescrum. Accessible from Hofstra campus network only!

August 30, 2011
Malware Analysis Tutorial 2- Introduction to Ring3 Debugging is now available!

August 24, 2011
Check out Malware Analysis Tutorial - A Reverse Engineering Approach (Lesson 1: VM Based Analysis Platform)

July 12, 2011
Visit Dr. Fu's Security Blog for articles on malware analysis!

July 11, 2011
Technical report ``Single String Constraint Solver" is available for the technical details of SUSHI 2.0.

July 1, 2011
SUSHI 2.0 now is available for download. The latest version supports the Kaluza string constraint input format and provides various benchmark functions for performance comparison. The SUSHI solver is enhanced with various transformation techniques for broadening its applicability. We provide a VirtualBox image installation for ease the pain of configuration.

October 8, 2010
Dr. Fu will host workshop 17 (Automated Grading) at 2011 CCLI PI Conference in Washington, D.C. on January 26 - 28, 2011.

September 26, 2010
" Evolutionary Security Testing of Web Applications (Fast Abstract) " is accepted for publication at ISSRE'10.

September 21, 2010
" Relational Constraint Driven Test Case Synthesis for Web Applications " is presented at TAV-WEB 2010. PPT slides are available.

September 17, 2010
" Conformance Verification of Privacy Policies " is presented at WSFM 2010. PPT slides are available.

August 11, 2010
SUSHI 1.0 now is available for download. We have fixed several bugs that were recently introduced by mistake. Special attention: Unicode 0xFEFF and 0xFEFE are reserved for begin/end labels in FST.

July 4, 2010
"A String Constraint Solver for Detecting Web Application Vulnerability" is presented at SEKE 2010. PPT slides are available.

July 1, 2010
" Making Failure the Mother of Success " is accepted for publication at FIE 2010.

July 1, 2010
" Work inProgress: Intelligent Project Failure Analysis " is accepted for publication at FIE 2010.

June 12, 2010
SUSHI 0.9 and JavaSye 0.9 are both available for download.

June 1, 2010
We decide to abandon the efforts on the .Net framework. SAFELI will be working on the Java Platform only. At this moment, SAFELI = JavaSye (symbolic execution engine for Java) + SUSHI (string constraint solver). In the future, we will integrate the tool with APOGEE (test case replayer).

June 11, 2010
TAV-WEB 2010 deadline is approaching! Submit a paper here. The workshop is co-organized by Gwen Salan Grenoble INP-INRIA-LIG (France), Xiang Fu Hofstra University (US), and Sylvain Halle Universit du Qubec Montral (Canada).

June 10, 2010
APOGEE is accepted to be presented at 2011 CCLI PI Conference in Washington, D.C. on January 26 - 28, 2011.

May 20, 2010
WS-FM 2010 deadline is approaching! Submit a paper here.

May 15, 2010
Solving string constraint to discover vulnerabilities automatically! A paper on SUSHI constraint solver is accepted by SEKE 2010.

May 10, 2010
Two papers about APOGEE and intuitive project failure analysis are accepted by International Conference on Frontiers in Education. Paper1 (PDF) and Paper2 (PDF)

May 10, 2010
Another two papers on entrepreneurship education in computing accepted by FIE 2010. Paper1 (PDF) and Paper2 (PDF)

April 15, 2010
BAUT a sister system of APOGEE is presented at ITNG'10 by colleagues at SPSU.

April 13, 2010
Does regular replacement sanitation guarantee safety of your web application? Check out our paper. PPT Presentation (PPT) presentation is available.

March 10, 2010
APOGEE presented at SIGCSE 2010! Check out project poster and Handout

June 30, 2009
APOGEE website is now available. Release version 0.9.1 is available for download.

June 1, 2009
NSF-CCLI #0836859 is finally approved by Hofstra admin. The project is now on the track.

March 15, 2009
NSF-CCLI #0836859 is funded by NSF, now waiting for Hofstra approval.