Major: Computer Science and Technology (Network and Information Security)
Changchun, Jilin, China 2016
Current Research
System security with a focus on embedded systems
ARM Cortex-M embedded systems are widely used nowadays. Due to their resource restrictions and real-time properties, security mechanisms are usually not provided on such systems, which renders them insecure. My research goal is to enhance the security of such platforms via novel solutions at the compiler (LLVM) and OS layers (using the MPU, IDAU, etc.).
08/2019 - Present
Virtual Machine Introspection (VMI) Based Malware Detection
Research significance and goals: There is no mature detection system for the various kinds of virtual machines (VMs), and placing agents inside VMs is costly and hard to maintain. This project built an agentless malware detection system (called VIDS) for Linux and Windows VMs.
Challenges and solutions:
Communicating with VMs to access their memory by modifying the QMP protocol of QEMU.
Reading VM memory from outside the VM, without agents, using the VMI concept.
Classifying detection targets by identifying the crucial kernel data structures associated with rootkit functions (process hiding, module hiding, syscall hijacking, etc.) for both Linux (task_struct, kobject, etc.) and Windows (EPROCESS, etc.).
Combining forensic techniques with VMI to achieve online memory analysis for malware detection, bridging the semantic gap.
Advantages: transparent to VMs, accurate detection, modular (written in Python), and support for multiple platforms including Linux and Windows.
Disadvantages: only memory-related attacks are detected, performance cost on the host system, and securing the VMI itself.
Extension project - Cloud Security Monitoring Center: combined HIDS, NIDS, and VIDS together to monitor the whole cloud environment including VMs, servers, and network traffic, along with a Data Visualization Platform to show the monitoring results.
07/2017 - 11/2018
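The cross-view idea behind the rootkit detection above (walking the kernel's task list and comparing it with a second, independent view of the same processes to spot DKOM process hiding), as an added Python example that is not part of this CV or of the VIDS project. The record layout, field offsets and pid-table address are constructed assumptions for the demo, not real Linux structure offsets.

```python
import struct

# Constructed guest-memory layout, an assumption for this example (not real Linux offsets):
# task record = <pid:u32><next:u32><comm:16s>; a pid table at PID_TABLE holds one u32
# record address per slot, giving a second view of the same processes as the task list.
REC_FMT, PTR_FMT = "<II16s", "<I"
REC_SIZE = struct.calcsize(REC_FMT)
PID_TABLE, TASKS = 0x100, 0x1000

def build_memory(procs, hidden_pids):
    """Build a fake snapshot. Records for hidden_pids stay in memory and in the
    pid table but are unlinked from the task list, as a DKOM rootkit would do."""
    addrs = {pid: TASKS + i * REC_SIZE for i, (pid, _) in enumerate(procs)}
    visible = [pid for pid, _ in procs if pid not in hidden_pids]
    mem = bytearray(TASKS + len(procs) * REC_SIZE)
    for pid, comm in procs:
        nxt = 0
        if pid in visible and visible.index(pid) + 1 < len(visible):
            nxt = addrs[visible[visible.index(pid) + 1]]
        struct.pack_into(REC_FMT, mem, addrs[pid], pid, nxt, comm.encode())
    for slot, pid in enumerate(addrs):
        struct.pack_into(PTR_FMT, mem, PID_TABLE + 4 * slot, addrs[pid])
    return bytes(mem), addrs[visible[0]], len(procs)

def walk_task_list(mem, head):
    """View 1: follow next pointers as 'ps' would; stop on cycles or bad pointers."""
    procs, addr, seen = {}, head, set()
    while addr and addr not in seen and addr + REC_SIZE <= len(mem):
        seen.add(addr)
        pid, nxt, comm = struct.unpack_from(REC_FMT, mem, addr)
        procs[pid] = comm.rstrip(b"\0").decode()
        addr = nxt
    return procs

def read_pid_table(mem, nslots):
    """View 2: dereference every pid-table slot directly from the memory image."""
    procs = {}
    for slot in range(nslots):
        (addr,) = struct.unpack_from(PTR_FMT, mem, PID_TABLE + 4 * slot)
        if addr and addr + REC_SIZE <= len(mem):
            pid, _, comm = struct.unpack_from(REC_FMT, mem, addr)
            procs[pid] = comm.rstrip(b"\0").decode()
    return procs

def detect_hidden(mem, head, nslots):
    """Cross-view check: a pid present in the table but absent from the list is suspect."""
    listed = walk_task_list(mem, head)
    return {p: c for p, c in read_pid_table(mem, nslots).items() if p not in listed}
```

With a real VMI backend the two views would be read through the introspection layer instead of a local byte string; the comparison logic stays the same.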
Online Experiment System Based on Hybrid Virtualization
A research project aimed at supporting security education: clients for students to perform attack exercises, which should be lightweight and easy to maintain; servers for the target drones and management. Focused on virtualization technologies, and learned the core architectures of KVM and Docker.
Built in a B + C/S architecture with a virtualization platform based on KVM and Docker to achieve the distribution and control of containers.
04/2015 - 04/2016
Others
Image-based Data Encryption, Steganography and Forensics with the LSB algorithm (Bachelor's Thesis): Embedding and extracting information in images using bit operations and an improved LSB algorithm.
Student achievement management system (C); Data structure course design (C++); SNL compilation system implementation (C++); Android security and practice (SDK); Web attack and defense experiments; Laravel framework CMS, etc.; Echarts big data visualization.
2013 - 2016
Rewards & Competitions
08/2020 - Present: Weekly CTF training to improve hacking skills, helping learners solve problems, and sometimes leading the meeting.
2020 summer: Grants at USENIX Security 2020 (August 12-14)
2020 spring: Grants at CODASPY CyberW 2020
2020 spring: 6th place in the MITRE Collegiate eCTF 2020
Publications
2018: Bibo Tu, Xi Tan, Kun Zhang. Methods and system for detecting malware behavior of virtual machine. Beijing: CN109597675A, 2019-04-09.
2013: Lizheng Ma, Xi Tan, Pei Huang, Li Bai, Ziyan Wu. Extended rule reasoning and knowledge compilation method based on modal logic. (Paper for National Innovation Training Program: Destructive Extension Rule In Propositional Model)
Skills
Coding skills
Coding in C, C++, Standard Machine Language (SML), Python, PHP
Data Visualization by using HighCharts & Echartjs.
Virtualization, operating system, and network security related coding.
Interests
System Security, System Attack Model, and Network & Information Security.
Virtualization Architecture and Security Enhancements.