- Static Analysis for Bug Scanning
Pinpoint is an industrial-strength automated software bug scanner. It has found hundreds of vulnerabilities, many with CVEs, in mature systems. It was successfully commercialized at Sourcebrella LLC, which was acquired by Ant Group in 2020 to improve the quality of many products such as Alipay, a popular digital payment app with over a billion monthly active users. Interested readers can refer to this doctoral dissertation as well as follow-up works on path-sensitive sparse dataflow analysis (PLDI'18, PLDI'21, OOPSLA'22a, PLDI'24, …) and approaches to detecting specific bug types (OOPSLA'21, OOPSLA'22b, …). Two ACM Distinguished Paper Awards were received for these studies.
Keywords: path-sensitive and sparse analysis, memory safety analysis, taint analysis.
- Static Analysis for Reverse Engineering
Reverse engineering by static program analysis attempts to understand, through logical reasoning, how previously built software accomplishes a task when there is very little insight into exactly how it does so. The research group focuses on network protocol reverse engineering to ensure network security (CCS'23, SEC'23, OOPSLA'24), as well as reverse engineering of machine code for binary analysis (SP'23, ISSTA'23, ESEC/FSE'23). These techniques are expected to facilitate automated security analysis, such as bug scanning and fuzz testing. To date, many zero-day vulnerabilities have been discovered through these techniques, and an ACM SIGPLAN Distinguished Paper Award was received.
Keywords: network security, network protocols, disassembly, binary similarity.
- Static Analysis for Fuzz Testing
Fuzz testing is powerful for revealing security loopholes in software. The research group is interested in leveraging static program analyses, particularly abstract interpretation, to make a general fuzzer more effective and efficient (SP'20, SP'22, …). The group is also interested in applying fuzzers to domain-specific application scenarios, including compilers and interpreters, constraint solvers and theorem provers, and network and distributed systems, to name a few (ESEC/FSE'21, ISSTA'21, ASE'24, ISSTA'24, …). Through fuzzing, hundreds of bugs in state-of-the-art constraint solvers and open-source software have been discovered. The study received an ACM SIGSOFT Distinguished Paper Award and a Google Research Paper Reward.
Keywords: incremental fuzzing, directed fuzzing, testing large and complex systems.
Welcome to Qingkai's Homepage
If you like programming and are interested in compilers and compiler-based security techniques, drop by Office 518 or send an email about Ph.D. and Master's positions.
2024/12: Our work on language-agnostic static analysis was accepted at ICSE 2025; the artifact supports nine programming languages and has been open-sourced on GitHub.
2024/10: Our paper received the ACM SIGPLAN Distinguished Paper Award at OOPSLA 2024.
2024/10: Our paper received the ACM SIGSOFT Distinguished Paper Award at ASE 2024.
Qingkai Shi is an associate professor in the School of Computer Science at Nanjing University. His research focuses on the use of compiler techniques, especially static program analysis, to rigorously ensure software security. He has published extensively at premier venues in programming languages (PLDI, OOPSLA), cybersecurity (SP, CCS), and software engineering (ICSE, ESEC/FSE). His research has received many awards, including two ACM SIGPLAN Distinguished Paper Awards, two ACM SIGSOFT Distinguished Paper Awards, a Google Research Paper Reward, and the Hong Kong Ph.D. Fellowship.
Qingkai obtained his Ph.D. from the Hong Kong University of Science and Technology. He co-founded Sourcebrella LLC, where his research was commercialized. He then moved to Ant Group, which acquired Sourcebrella. Qingkai also enjoyed a wonderful period as a postdoctoral researcher at Purdue University, West Lafayette, in the United States.