Xuxian Jiang Assistant Professor Department of Computer Science Email: Phone: 919-513-7835 Office: Room 3256, EBII North Carolina State University 890 Oval Drive, Campus Box 8206 Raleigh, NC 27695-8206 Fax: 919-515-7896

- Software releases:

• Linux kernel patches: RO/NX protection for kernel modules (to appear in 2.6.33 kernel), NX protection for kernel data (to appear in 2.6.33 kernel), BIOS32 service mappings footprint reduction (work in progress)
• Research prototypes: NICKLE/qemu, SplitMemory/x86
• "Live" demos: VMscope, vGround

- Current research interests: virtual machines (VMs) and security.

• Rootkit detection, investigation, and defense
• Countering Kernel Rootkits with Lightweight Hook Protection (CCS'09 -- Got Slashdotted)
• Mapping Kernel Objects to Enable Systematic Integrity Checking (CCS'09)
• Multi-Aspect Profiling of Kernel Rootkit Behavior (EUROSYS'09)
• Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing (RAID'08 -- Received Best Paper Award)
• Countering Persistent Kernel Rootkits Through Systematic Hook Discovery (RAID'08)
• Stealthy Malware Detection Through VMM-Based "Out-of-the-Box" Semantic View Reconstruction (CCS'07)
• Protocol reverse engineering for malware defense
• ReFormat: Automatic Reverse Engineering of Encrypted Messages (ESORICS'09)
• Automatic Protocol Format Reverse Engineering Through Context-Aware Monitored Execution (NDSS'08)
• Honeypots and honeyfarms for malware capture and investigation
• "Out-of-the-Box" Monitoring of VM-Based High-Interaction Honeypots (RAID'07)
• Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities (NDSS'06)
• Virtual Playgrounds for Worm Behavior Investigation (RAID'05)
• Collapsar: A VM-Based Architecture for Network Attack Detention Center (SECURITY'04)

- Publications

Media Coverage

- HookSafe Protects Kernel from Rootkits, Linux Pro Magazine, November 13, 2009
- Scientists Unveil Lightweight Rootkit Protection, Slashdot posting, November 11, 2009
- Boffins Boast Newfangled Rootkit Blocker, The Register, November 11, 2009
- Protecting OSs from RootKits, Bruce Schneier's Blog, November 10, 2009
- New Tool Seeks to Block Rootkits by Protecting Their Targets, Ars Technica, November 4, 2009
- Boffins Work Out How to Foil Rootkits, The Inquirer, November 4, 2009
- Researchers Create Hypervisor-Based Tool For Blocking Rootkits, Dark Reading, November 3, 2009
- Hooks Hijacked? New Research Shows How To Block Stealthy Malware Attacks Science Daily, November 3, 2009

Teaching

- Spring 2010: CSC405 - Introduction to Computer Security
- Fall 2009: CSC591-004 - Operating Systems Security
- Spring 2009: CSC501 - Operating Systems Principles
- Spring 2009: CSC801 - Seminar in Computer Science
- Fall 2008: CSC591S - Special Topics in Operating Systems Security
- Spring 2008: ISA564 - Security Laboratory
- Fall 2007: ISA564 - Security Laboratory
- Spring 2007: ISA797 - Advanced Topics in Information Security
- Fall 2006: ISA797 - Advanced Topics in Information Security
<--->

Students

- Current: Zhi Wang, Mike Grace, Sina Bahram, Deepa Srinivasan, Siarhei Liakh, and Minh Q. Tran
- Graduated stduents:

• Ryan D. Riley (Ph.D. 2009, co-advised with Prof. Dongyan Xu)
  • Thesis title: Architectural Approaches for Code Injection Defense at the User and Kernel Levels
  • Current employment: Assistant Professor, Qatar University, Doha, Qatar
  • Awards: 2009 CERIAS Diamond Award, Best Paper Award from the RAID'08 symposium

Service

- TPC Member, IEEE ICDCS 2010, Genoa, Italy, 2010.
- TPC Member, 2nd ACM Workshop on Virtual Machine Security (VMSec) 2009, Chicago, IL, 2009.
- TPC Member, ESORICS 2009, Saint Malo, Brittany, France, 2009.
- TPC Member, RAID 2009, Saint-Malo, Britanny, France, 2009.
- TPC Member, WWW 2009, Madrid, Spain, 2009.
- TPC Member, IEEE S&P 2009, Berkeley/Oakland, CA, 2009.
- TPC Member, IEEE ICDCS 2009, Montreal, Canada, 2009.
- TPC Member, 4th Workshop on Virtualization in High-Performance Cloud Computing (VHPC'09), Delft, The Netherlands, 2009.
- TPC Member, Workshop on Virtualization Technology for Dependable Systems 2009, Nuremberg, Germany, 2009.
- TPC Member, ISOC NDSS 2009, San Diego, CA, 2009.
- TPC Member, 1st ACM Workshop on Virtual Machine Security (VMSec) 2008, Fairfax, VA, 2008.
- TPC Member, ACM Workshop on Scalable Trusted Computing (STC) 2008, Fairfax, VA, 2008.
- TPC Member, IEEE ICDCS 2007, Toronto, Canada, 2007.
- TPC Member - posters,WWW 2007, Alberta, Canada, 2007.

Last modified: November 12th, 2009 calendar