Fengwei Zhang Associate Professor Director, COMPASS Lab Department of Computer Science and Engineering Southern University of Science and Technology Contact: Innovation Park, Building 10, Room 501 1088 Xueyuan Ave, Nanshan District Shenzhen, Guangdong Province, China 518055 Phone: (+86) (755) 88015160 Email: zhangfw [at] sustech dot edu dot cn Lab: Innovation Park, Building 10, Suite 501 [Curriculum Vitae]

---

As of September 2019, I am a tenure-track Associate Professor at Department of Computer Science and Engineering at Southern University of Science and Technology (SUSTech). My primary research interests are in the areas of systems security, with a focus on trustworthy execution, hardware-assisted security, debugging transparency, transportation security, and plausible deniability encryption.

Before joining SUSTech, I spent four wonderful years as an Assistant Professor at Department of Computer Science at Wayne State University (WSU). I earned my Ph.D. in Computer Science from George Mason University in April 2015.


    My research group: [COMPASS@SUSTech] [COMPASS@WSU].


I am looking for graduate students, postdocs, undergraduate students to work with me on exciting projects in systems security. If you are interested, please send me your CV. Multiple fully funded positions are available [Hire Link, 招聘启示] [2020 SUSTech PhD Scholarship For International Students].

Multiple Postdoc Openings, deadline: 10/01/2020.

---

Teaching

• Spring 2020: CS 102A, Introduction to Computer Programming
• Fall 2019: CS 315, Computer Security

• Previous Semesters: [full list]

---

Selected Recent Publications [full list]

Authors with an underline "_" is student mentored by me in my lab; * indicates the corresponding author.

• KShot: Live Kernel Patching with SMM and SGX
  Lei Zhou, Fengwei Zhang*, Jinghui Liao, Zhenyu Ning, Jidong Xiao, Kevin Leach, Westley Weimer, and Guojun Wang
  To Appear In Proceedings of The 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'20), Valencia, Spain, June, 2020 (Candidate for Best Paper Award, 3 out of 291 submissions).
  


• Uranus: Simple, Efficient SGX Programming and Its Applications
  Jianyu Jiang, Xusheng Chen, Tze On Li, Cheng Wang, Tianxiang Shen, Shixiong Zhao, Heming Cui, Cho-Li Wang, Fengwei Zhang
  To Appear In Proceedings of The 15th ACM ASIA Conference on Computer and Communications Security (AsiaCCS'20), Taipei, Taiwan, October, 2020.
  


• Nailgun: Breaking Privilege Isolation on ARM, 钉枪：突破ARM特权隔离
  Fengwei Zhang and Zhenyu Ning, 张锋巍,宁振宇
  In Communications of China Computer Federation (CCCF'20),《中国计算机学会通讯》Vol.16, No.1, pp.51-54, 2020.


• SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments  [slides]
  [Artifacts Evaluated – Functional]
  [Source Code]
  Saeid Mofrad, Ishtiaq Ahmed, Shiyong Lu, Ping Yang, Heming Cui, and Fengwei Zhang*
  In Proceedings of The 35th Annual Computer Security Applications Conference (ACSAC'19), San Juan, Puerto Rico, December, 2019.
  


• Defeating Speculative-Execution Attacks on SGX with HyperRace
  Guoxing Chen, Mengyuan Li, Fengwei Zhang, and Yinqian Zhang
  In Proceedings of The 2019 IEEE Conference on Dependable and Secure Computing (IDSC'19), Hangzhou, China, November, 2019.
  


• SecLabel: Enhancing RISC-V Platform Security with Labelled Architecture  [slides]
  Zhenyu Ning, Yinqian Zhang, and Fengwei Zhang*
  In The 1st China RISC-V Forum (CRVF'19), Shenzhen, China, November, 2019.
  


• A Study of the Multiple Sign-in Feature in Web Applications
  Marwan Albahar, Xing Gao, Gaby G. Dagher, Daiping Liu, Fengwei Zhang, and Jidong Xiao
  In Proceedings of The 15th EAI International Conference on Security and Privacy in Communication Networks (SecureComm'19), Short paper, Orlando, Florida, October, 2019.
  


• Nighthawk: Transparent System Introspection from Ring -3  [slides]
  Lei Zhou, Jidong Xiao, Kevin Leach, Westley Weimer, Fengwei Zhang*, and Guojun Wang
  In Proceedings of The 24th European Symposium on Research in Computer Security (ESORICS'19), Luxembourg, September, 2019.
  


• Understanding the Security of Traffic Signal Infrastructure  [slides]
  Zhenyu Ning, Fengwei Zhang*, and Stephen Remias
  In Proceedings of The 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'19), Gothenburg, Sweden, June, 2019.
  


• Understanding the Security of ARM Debugging Features  [slides]
  Zhenyu Ning and Fengwei Zhang
  In Proceedings of The 40th IEEE Symposium on Security & Privacy (S&P'19), San Francisco, California, May, 2019.
  Nailgun project is online! [Web] [PoC] [Video1] [Video2]
  CVE-2018-18068.


• Hardware-assisted Transparent Tracing and Debugging on ARM  [bib]
  Zhenyu Ning and Fengwei Zhang
  In IEEE Transactions on Information Forensics & Security (TIFS'19), Vol.14, No.6, pp.1595-1609, 2019. Impact Factor: 5.824 (11/2018).


• Methods and Systems for Increased Debugging Transparency  [bib]
  Fengwei Zhang, Kevin Leach, Angelos Stavrou, and Haining Wang
  U.S. Patent Number 10,127,137. Issued on November 13, 2018.

Recent Professional Services

Program Organization

[ML4CS]: General Chair, International Conference on Machine Learning for Cyber Security, 2020.

[EuroSec]: Publicity Chair, European Workshop on Systems Security, 2018, 2019.

[IWCSS]: Program Co-Chair, International Workshop on Cyberspace Security, 2019.

[CCSW]: Publicity Chair, ACM Cloud Computing Security Workshop, 2017.

Program Committee Membership

[S&P]: IEEE Symposium on Security and Privacy (“Oakland”), 2021.

[CCS]: ACM Conference on Computer and Communications Security, 2017, 2018, 2019, 2020.

[ACSAC]: Annual Computer Security Applications Conference, 2016, 2017, 2018, 2019, 2020.

[DSN]: IEEE/IFIP International Conference on Dependable Systems and Networks, 2020, 2021.

[ESORICS]: European Symposium on Research in Computer Security, 2020.

[AsiaCCS]: ACM ASIA Conference on Computer and Communications Security, 2021.

[WiSec]: ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2019, 2020.

[ARES]: International Conference on Availability, Reliability and Security, 2020.

[HPBD&IS]: International Conference on High Performance Big Data and Intelligent Systems, 2020.

[EuroSec]: European Workshop on Systems Security, 2018, 2019, 2020.

[MASS]: IEEE International Conference on Mobile Ad-hoc and Sensor Systems, 2018, 2019.

[SecureComm]: EAI International Conference on Security and Privacy in Communication Networks, 2018.

[ICICS]: International Conference on Information and Communications Security, 2018.

[IoTSSP]: ACM MobiHoc Workshop on Mobile IoT Sensing, Security, and Privacy, 2018.

[ICC]: IEEE International Conference on Communications, 2018.

[CCSW]: ACM Cloud Computing Security Workshop, 2017.

[HASP]: Hardware and Architectural Support for Security and Privacy, 2017.

[ICPADS]: IEEE International Conference on Parallel and Distributed Systems, 2016.

[DependSys]: Symposium on Dependability in Sensor, Cloud, and Big Data Systems and Applications, 2016.

Artifact Evaluation Committee

[USENIX-Security]: USENIX Security Symposium, 2020.

[ACSAC]: Annual Computer Security Applications Conference, 2019.

[WOOT]: USENIX Workshop on Offensive Technologies, 2019.

---

Thesis

• Using Hardware Isolated Execution Environments for Securing Systems  [bib]