Fengwei Zhang Associate Professor Director, COMPASS Lab Department of Computer Science and Engineering Southern University of Science and Technology Contact: College of Engineering, South Tower, Room 515 1088 Xueyuan Ave, Nanshan District Shenzhen, Guangdong Province, China 518055 Phone: (+86) (755) 88015160 Email: zhangfw [at] sustech dot edu dot cn Lab: College of Eng. South Tower, Room 441A [Curriculum Vitae]

---

As of September 2019, I am a tenure-track Associate Professor at Department of Computer Science and Engineering at Southern University of Science and Technology (SUSTech). My primary research interests are in the areas of systems security, with a focus on trustworthy execution, hardware-assisted security, debugging transparency, transportation security, and plausible deniability encryption.

Before joining SUSTech, I spent four wonderful years as an Assistant Professor at Department of Computer Science at Wayne State University (WSU). I earned my Ph.D. in Computer Science from George Mason University in April 2015.


    My research group: [COMPASS@SUSTech] [COMPASS@WSU].


I am looking for graduate students, postdocs, undergraduate students to work with me on exciting projects in systems security. If you are interested, please send me your CV. Multiple fully funded positions are available [Hire Link, 招聘启示] [SUSTech Ph.D. Scholarship For International Students].

Multiple Postdoc Openings.

---

Teaching

• Spring 2021: CS 102A, Introduction to Computer Programming
• Fall 2020: CS 315, Computer Security

• Previous Semesters: [full list]

---

Selected Recent Publications [full list]

Authors with an underline "_" is student/scholar mentored by me in my lab or courses; * indicates the corresponding author.

• Speedster: A TEE-assisted State Channel System  
  Jinghui Liao, Fengwei Zhang*, Wenhai Sun, and Weisong Shi
  [Paper draft]


• BadUSB- C: Revisiting BadUSB with Type-C  [slides]
  Hongyi Lu, Yechang Wu, Shuqing Li, You Lin, Chaozu Zhang, Fengwei Zhang*
  To Appear In Proceedings of the 15th Workshop On Offensive Technologies (WOOT'21), in conjunction with the 42nd IEEE Symposium on Security and Privacy (S&P'21), May, 2021.
  This work is a course project from my CS 315 Computer Security Class, all co-authors are undergraduates in the class.
  CVE-2021-22325.


• A Coprocessor-based Introspection Framework via Intel Management Engine  
  Lei Zhou, Fengwei Zhang*, Jidong Xiao, Kevin Leach, Westley Weimer, Xuhua Ding, and Guojun Wang
  To Appear In IEEE Transactions on Dependable and Secure Computing (TDSC'21), 2021. Impact Factor: 6.404.


• Happer: Unpacking Android Apps via a Hardware-Assisted Approach  
  Lei Xue, Hao Zhou, Xiapu Luo, Yajin Zhou, Yang Shi, Guofei Gu, Fengwei Zhang, and Man Ho Au
  To Appear In Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P'21), May, 2021.


• An Attribute-Isolated Secure Communication Architecture for Intelligent Connected Vehicles  
  Mu Han, Ailan Wan, Fengwei Zhang, and Shidian Ma
  To Appear In IEEE Transactions on Intelligent Vehicle (T-IV'20), 2020. Impact Factor: 7.420.


• DAENet: Making Strong Anonymity Scale in a Fully Decentralized Network  
  Tianxiang Shen, Jianyu Jiang, Yunpeng Jiang, Xusheng Chen, Ji Qi, Shixiong Zhao, Fengwei Zhang*, Xiapu Luo, and Heming Cui*
  To Appear In IEEE Transactions on Dependable and Secure Computing (TDSC'20), 2020. Impact Factor: 6.404.


• E-SGX: Cache Side-Channel Protection for Intel SGX on Untrusted OS  
  Fan Lang, Huorong Li, Wei Wang, Jingqiang Lin, Fengwei Zhang, Wuqiong Pan, and Qiongxiao Wang
  In Proceedings of the 16th International Conference on Information Security and Cryptology (Inscrypt'20), Guangzhou, China, December, 2020.
  


• SEED: Confidential Big Data Workflow Scheduling with Intel SGX Under Deadline Constraints  [slides] [video]
  Ishtiaq Ahmed, Saeid Mofrad, Shiyong Lu, Changxin Bai, Fengwei Zhang*, and Dunren Che
  In Proceedings of the IEEE International Conference on Services Computing (SCC'20), Beijing, China, October, 2020.
  


• HART: Hardware-assisted Kernel Module Tracing on Arm  [slides] [1-minute video] [15-minutes video]
  Yunlan Duˆ, Zhenyu Ningˆ, Jun Xu, Zilong Wang, Yueh-Hsun Lin, Fengwei Zhang*, Xinyu Xing, and Bing Mao
  In Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS'20), Guildford, United Kingdom, September, 2020. (ˆ These authors contributed equally to this work).
  


• Uranus: Simple, Efficient SGX Programming and Its Applications
  Jianyu Jiang, Xusheng Chen, Tze On Li, Cheng Wang, Tianxiang Shen, Shixiong Zhao, Heming Cui, Cho-Li Wang, Fengwei Zhang
  In Proceedings of the 15th ACM ASIA Conference on Computer and Communications Security (AsiaCCS'20), Taipei, Taiwan, October, 2020.
  


• KShot: Live Kernel Patching with SMM and SGX  [slides] [1-minute video] [video in Chinese]
  Lei Zhou, Fengwei Zhang*, Jinghui Liao, Zhenyu Ning, Jidong Xiao, Kevin Leach, Westley Weimer, and Guojun Wang
  In Proceedings of the 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'20), Valencia, Spain, June, 2020 (Runner-up Best Paper Award, 3 out of 291 submissions).
  


• RansomSpector: An Introspection-Based Approach to Detect Crypto Ransomware  
  Fei Tang, Boyang Ma, Jinku Li, Fengwei Zhang, Jipeng Su, Jianfeng Ma
  To Appear In Elsevier Computers & Security (CompSec'20), 2020. Impact Factor: 3.579.


• Nailgun: Breaking Privilege Isolation on ARM, 钉枪：突破ARM特权隔离
  Fengwei Zhang and Zhenyu Ning, 张锋巍,宁振宇
  In Communications of China Computer Federation (CCCF'20),《中国计算机学会通讯》Vol.16, No.1, pp.51-54, 2020.


• SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments  [slides]
  [Artifacts Evaluated – Functional]
  [Source Code]
  Saeid Mofrad, Ishtiaq Ahmed, Shiyong Lu, Ping Yang, Heming Cui, and Fengwei Zhang*
  In Proceedings of The 35th Annual Computer Security Applications Conference (ACSAC'19), San Juan, Puerto Rico, December, 2019.
  


• Defeating Speculative-Execution Attacks on SGX with HyperRace
  Guoxing Chen, Mengyuan Li, Fengwei Zhang, and Yinqian Zhang
  In Proceedings of The 2019 IEEE Conference on Dependable and Secure Computing (IDSC'19), Hangzhou, China, November, 2019.
  


• SecLabel: Enhancing RISC-V Platform Security with Labelled Architecture  [slides]
  Zhenyu Ning, Yinqian Zhang, and Fengwei Zhang*
  In The 1st China RISC-V Forum (CRVF'19), Shenzhen, China, November, 2019.
  


• A Study of the Multiple Sign-in Feature in Web Applications
  Marwan Albahar, Xing Gao, Gaby G. Dagher, Daiping Liu, Fengwei Zhang, and Jidong Xiao
  In Proceedings of The 15th EAI International Conference on Security and Privacy in Communication Networks (SecureComm'19), Short paper, Orlando, Florida, October, 2019.
  


• Nighthawk: Transparent System Introspection from Ring -3  [slides]
  Lei Zhou, Jidong Xiao, Kevin Leach, Westley Weimer, Fengwei Zhang*, and Guojun Wang
  In Proceedings of The 24th European Symposium on Research in Computer Security (ESORICS'19), Luxembourg, September, 2019.
  


• Understanding the Security of Traffic Signal Infrastructure  [slides]
  Zhenyu Ning, Fengwei Zhang*, and Stephen Remias
  In Proceedings of The 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'19), Gothenburg, Sweden, June, 2019.
  


• Understanding the Security of ARM Debugging Features  [slides]
  Zhenyu Ning and Fengwei Zhang
  In Proceedings of The 40th IEEE Symposium on Security & Privacy (S&P'19), San Francisco, California, May, 2019.
  Nailgun project is online! [Web] [PoC] [Video1] [Video2]
  CVE-2018-18068.

Recent Professional Services

Program Organization

[ML4CS]: General Chair, International Conference on Machine Learning for Cyber Security, 2020.

[EuroSec]: Publicity Chair, European Workshop on Systems Security, 2018, 2019.

[IWCSS]: Program Co-Chair, International Workshop on Cyberspace Security, 2019.

[CCSW]: Publicity Chair, ACM Cloud Computing Security Workshop, 2017.

Program Committee Membership

[S&P]: IEEE Symposium on Security and Privacy (“Oakland”), 2021, 2022.

[USENIX-Security]: USENIX Security Symposium, 2021, 2022.

[CCS]: ACM Conference on Computer and Communications Security, 2017, 2018, 2019, 2020.

[ACSAC]: Annual Computer Security Applications Conference, 2016, 2017, 2018, 2019, 2020, 2021.

[DSN]: IEEE/IFIP International Conference on Dependable Systems and Networks, 2020, 2021.

[ESORICS]: European Symposium on Research in Computer Security, 2020, 2021.

[AsiaCCS]: ACM ASIA Conference on Computer and Communications Security, 2021, 2022.

[WiSec]: ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2019, 2020.

[ARES]: International Conference on Availability, Reliability and Security, 2020.

[HPBD&IS]: International Conference on High Performance Big Data and Intelligent Systems, 2020.

[EuroSec]: European Workshop on Systems Security, 2018, 2019, 2020, 2021.

[AutoSec]: International Workshop on Automotive and Autonomous Vehicle Security, 2021.

[MASS]: IEEE International Conference on Mobile Ad-hoc and Sensor Systems, 2018, 2019.

[SecureComm]: EAI International Conference on Security and Privacy in Communication Networks, 2018.

[ICICS]: International Conference on Information and Communications Security, 2018, 2021.

[IoTSSP]: ACM MobiHoc Workshop on Mobile IoT Sensing, Security, and Privacy, 2018.

[ICC]: IEEE International Conference on Communications, 2018.

[CCSW]: ACM Cloud Computing Security Workshop, 2017.

[HASP]: Hardware and Architectural Support for Security and Privacy, 2017.

[ICPADS]: IEEE International Conference on Parallel and Distributed Systems, 2016.

[DependSys]: Symposium on Dependability in Sensor, Cloud, and Big Data Systems and Applications, 2016.

Artifact Evaluation Committee

[USENIX-Security]: USENIX Security Symposium, 2020.

[ACSAC]: Annual Computer Security Applications Conference, 2019, 2020.

[WOOT]: USENIX Workshop on Offensive Technologies, 2019.

---

Thesis

• Using Hardware Isolated Execution Environments for Securing Systems  [bib]