Rundong Zhou
Researcher at Baidu
Publications - 9
Citations - 596
Rundong Zhou is an academic researcher from Baidu. The author has contributed to research in topics: Supply chain & Fuzz testing. The author has an h-index of 6, co-authored 9 publications receiving 373 citations. Previous affiliations of Rundong Zhou include Syracuse University.
Papers
Proceedings Article
Scalable Graph-based Bug Search for Firmware Images
TL;DR: A new bug search scheme is proposed that addresses the scalability challenge in existing cross-platform bug search techniques and further improves search accuracy; the authors implemented a bug search engine, Genius, and compared it with state-of-the-art bug search approaches.
Proceedings Article
SAVIOR: Towards Bug-Driven Hybrid Testing
TL;DR: This work proposes SAVIOR, a new hybrid testing framework pioneering a bug-driven principle that outperforms mainstream automated testing techniques, including state-of-the-art hybrid testing systems driven by code coverage.
Proceedings Article
Make it work, make it right, make it fast: building a platform-neutral whole-system dynamic binary analysis platform
Andrew Henderson, Aravind Prakash, Lok Kwong Yan, Xunchao Hu, Xujiewen Wang, Rundong Zhou, Heng Yin, +6 more
TL;DR: DECAF is presented, a virtual-machine-based, multi-target, whole-system dynamic binary analysis framework built on top of QEMU, which provides Just-In-Time Virtual Machine Introspection combined with a novel TCG instruction-level tainting at bit granularity, backed by a plugin-based, simple-to-use, event-driven programming interface.
Proceedings Article
Extracting Conditional Formulas for Cross-Platform Bug Search
TL;DR: This paper proposes to extract conditional formulas as higher-level semantic features from the raw binary code to conduct the code search, and shows that XMATCH outperforms the existing bug search techniques in terms of accuracy.
Posted Content
SAVIOR: Towards Bug-Driven Hybrid Testing
TL;DR: SAVIOR, as discussed by the authors, leverages fuzz testing to test easy-to-reach code regions, uses concolic execution to explore code blocks guarded by complex branch conditions, and verifies all vulnerable program locations along the executing program path.