Xi Tan

Department of Computer Science and Engineering · University at Buffalo · 338 Davis Hall Buffalo, New York 14260-2500
Email: xitan@buffalo.edu

No pains, no gains.


Buffalo, NY, USA 08/2020 - present
Rochester, NY, USA 08/2019 - 08/2020
Beijing, China 2019

B.S. in College of Computer Science and Technology, Jilin University

Major: Computer Science and Technology (Network and Information Security)

Changchun, Jilin, China 2016

Current Research

System security with a focus on embedded systems

  • ARM Cortex-M embedded systems are widely used nowadays. Due to their resource restrictions and real-time properties, security mechanisms are usually not provided on such systems, which renders them insecure. My research goal is to enhance the security of such platforms via novel solutions at the compiler (LLVM) and OS layers (using MPU, IDAU, etc.).
08/2019 - Present

Virtual Machine Introspection (VMI) Based Malware Detection

  • Research significance and goals: There is no mature detection system for the various kinds of virtual machines (VMs), and putting agents inside virtual machines is costly and hard to maintain. This project was to build an agentless malware detection system (called VIDS) for virtual machines, including Linux and Windows.
  • Challenges and solutions:
    • Communicating with VMs to access their memory by modifying the QMP protocol of QEMU.
    • Reading the memory of VMs from outside, without agents, by using the VMI concept.
    • Classifying the detection targets by summarizing crucial kernel data structures based on rootkits' functions (process hiding, module hiding, syscall hijacking, etc.) for both Linux (task_struct, kobject, etc.) and Windows (EPROCESS, etc.) systems.
    • Combining forensic techniques with VMI techniques to achieve online memory analysis that detects malware, to fix the semantic gap problem.
  • Advantages: Transparent to VMs, accurate detection, modular design in Python, and a variety of detection platforms including Linux and Windows.
  • Disadvantages: Detection of memory-related attacks only, performance costs on the host system, secure VMI.
  • Extension project - Cloud Security Monitoring Center: combined HIDS, NIDS, and VIDS together to monitor the whole cloud environment, including VMs, servers, and network traffic, along with a Data Visualization Platform to show the monitoring results.
07/2017 - 11/2018

Online Experiment System Based on Hybrid Virtualization

  • A research project aiming to help security education: clients for students to do attack exercises, which should be lightweight and easy to maintain; servers for target machines and management. Focused on virtualization technologies, and learned the core architectures of KVM and Docker.
  • Built on a B + C/S architecture with a virtualization platform based on KVM and Docker to achieve the distribution and control of containers.
04/2015 - 04/2016


  • Image-based Data Encryption Steganography and Forensics with LSB algorithm (Bachelor's Thesis): Embedding and extracting information from images by using bit operations and an improved LSB algorithm.
  • Student achievement management system (C); Data structure course design (C++); SNL compilation system implementation (C++); Android security and practice (SDK); Web attack and defense experiments; Laravel framework CMS, etc.; ECharts big data visualization.
2013 - 2016

Rewards & Competitions

  • 08/2020 - Present: CTF training every week to improve hacking technologies, helping learners to solve problems, sometimes leading the meeting.
  • 2020 summer: Grants at USENIX Security 2020 (August 12-14)
  • 2020 spring: Grants at CODASPY CyberW 2020
  • 2020 spring: 6th place in the MITRE Collegiate eCTF 2020


  • 2018: Bibo Tu, Xi Tan, Kun Zhang. Methods and system for detecting malware behavior of virtual machine. Beijing: CN109597675A, 2019-04-09.
  • 2015: Wen-lin Y, Xi T, Jun-ting G, Shuo W. The Vulnerability Analysis and Security Enhancement of Docker. Information Security and Technology. 2016;4:008.
  • 2013: Lizheng Ma, Xi Tan, Pei Huang, Li Bai, Ziyan Wu. Extended rule reasoning and knowledge compilation method based on modal logic. (Paper for National Innovation Training Program: Destructive Extension Rule In Propositional Model)


Coding skills
  • Coding in C, C++, Standard Machine Language (SML), Python, PHP
  • Data Visualization by using HighCharts & Echartjs.
  • Virtualization, operating system, and network security related coding.
  • System Security, System Attack Model, and Network & Information Security.
  • Virtualization Architecture and Security Enhancements.


Writings: novels, poems, and tech blogs
Arts: calligraphy, drawings

Zhao Wei "summer" (Slender Gold)