West wind withered trees, alone on high tower, I gazed at distant lanes.
No regrets, my belt loose, but love's enduring strain for you.
Seeking her again and again, in dim light, she resides, where lanterns wane.
Hey, I am Yunlong Lyu, currently working in Alibaba Cloud. In 2022-2024, I were worked at a Tencent Security Lab. I am dedicated to using AI to solve problems in the field of software and system security. I have detected and fixed nearly a hundred security vulnerabilities in well-known open-source software such as the Linux kernel. I obtained a master's degree in CyperSpace Security from the University of Science and Technology of China in 2022, under the guidance of Professor Qibin Sun. In 2019, I received a bachelor's degree in Information Security from China University of Geosciences (Wuhan). From 2020 to 2021, I interned at the G.O.S.S.I.P Software Security Research Group at Shanghai Jiao Tong University, under the guidance of Professor Juanru Li.
Research Interests
- Program Analysis
- AI-driven Security
- LLM-applied Security
昨夜西风凋碧树,独上高楼,望尽天涯路。
衣带渐宽终不悔,为伊消得人憔悴。
众里寻他千百度,蓦然回首,那人却在,灯火阑珊处。
Hey,我是吕云龙,目前在阿里云工作。在2022-2024年,我在腾讯安全大数据工作。我致力于用AI来解决软件安全和系统安全领域中的问题,曾在知名开源软件(如Linux kernel)上检测并修复近百个安全缺陷。 我于2022年在中国科学技术大学获得了网络空间安全专业的硕士学位,指导老师为孙启彬教授, 并于2019年在中国地质大学(武汉)获得信息安全专业的学士学位。 在2020年至2021年,我曾在上海交通大学 G.O.S.S.I.P 软件安全研究组实习,指导老师为李卷孺。
研究兴趣
- 程序分析
- AI驱动安全
- LLM应用安全
Publiciations
-
SparrowHawk: Memory Safety Flaw Detection via Data-Driven Source Code Annotation.
Yunlong Lyu, Wang Gao, Siqi Ma, Qibin Sun, Juanru Li.
In the Proceedings of the 17th International Conference on Information Security and Cryptology (Inscrypt) (CCF-C), 2021. -
Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis.
Yunlong Lyu, Yi Fang, Yiwei Zhang, Qibin Sun, Siqi Ma, Elisa Bertino, Kangjie Lu, Juanru Li.
In the Proceedings of the 43rd IEEE Symposium on Security and Privacy (S&P), 2022. -
HOPPER: Interpretative Fuzzing for Libraries.
Peng Chen, Yuxuan Xie, Yunlong Lyu, Yuxiao Wang, and Hao Chen.
In ACM Conference on Computer and Communications Security (CCS) , Copenhagen, Denmark, 11, 2023 -
Prompt Fuzzing for Fuzz Driver Generation.
Yunlong Lyu, Yuxuan Xie, Peng Chen, and Hao Chen.
In ACM Conference on Computer and Communications Security (CCS) , Salt Lake City, U.S.A., 12, 2024
🏆Trophy
| ID | Project | Bug ID | Bug Type | Method |
|---|---|---|---|---|
| 1 | Linux kernel | 3093ee182f | use-after-free | Goshawk |
| 2 | Linux kernel | 2bb817712e | double-free | Goshawk |
| 3 | Linux kernel | db74623a38 | use-after-free | Goshawk |
| 4 | Linux kernel | ea45b6008f | double-free | Goshawk |
| 5 | Linux kernel | 63415767a2 | use-after-free | Goshawk |
| 6 | Linux kernel | 6e5a03bcba | use-after-free | Goshawk |
| 7 | Linux kernel | 8392df5d7e | use-after-free | Goshawk |
| 8 | Linux kernel | f7cae626ca | double-free | Goshawk |
| 9 | Linux kernel | b25b343db0 | double-free | Goshawk |
| 10 | Linux kernel | a8e083ee8e | double-free | Goshawk |
| 11 | Linux kernel | 076de75de1 | double-free | Goshawk |
| 12 | Linux kernel | 6bf24dc0cc | double-free | Goshawk |
| 13 | Linux kernel | 6d72e7c767 | use-after-free | Goshawk |
| 14 | Linux kernel | 643001b47a | use-after-free | Goshawk |
| 15 | Linux kernel | 7525858679 | double-free | Goshawk |
| 16 | Linux kernel | 37df9f3fed | double-free | Goshawk |
| 17 | Linux kernel | 1b479fb801 | double-free | Goshawk |
| 18 | Linux kernel | 9ceee7d084 | use-after-free | Goshawk |
| 19 | Linux kernel | bdc2ab5c61 | use-after-free | Goshawk |
| 20 | Linux kernel | adb76a520d | use-after-free | Goshawk |
| 21 | Linux kernel | c8c165dea4 | use-after-free | Goshawk |
| 22 | Linux kernel | abec6561fc | use-after-free | Goshawk |
| 23 | Linux kernel | 1c98f57440 | use-after-free | Goshawk |
| 24 | Linux kernel | 34b39efa5a | double-free | Goshawk |
| 25 | Linux kernel | 72ce11ddfa | double-free | Goshawk |
| 26-27 | Linux kernel | 4fb44dd2c1 | use-after-free | Goshawk |
| 28 | Linux kernel | 52762efa2b | use-after-free | Goshawk |
| 29 | Linux kernel | 9272e5d002 | double-free | Goshawk |
| 30 | Linux kernel | ea995218dd | double-free | Goshawk |
| 31-32 | Linux kernel | 7272b591c4 | use-after-free | Goshawk |
| 33 | Linux kernel | 115726c5d3 | double-free | Goshawk |
| 34 | Linux kernel | 01fe904c9a | use-after-free | Goshawk |
| 35 | Linux kernel | 1404497 | double-free | Goshawk |
| 36-40 | Linux kernel | aadb22ba2f6 | use-after-free | Goshawk |
| 41 | Linux kernel | f973795a | double-free | Goshawk |
| 42 | Linux kernel | 7b0ddc134 | use-after-free | Goshawk |
| 43 | FreeBSD kernel | 255859 | use-after-free | Goshawk |
| 44 | FreeBSD kernel | 255862 | double-free | Goshawk |
| 45 | FreeBSD kernel | 255863 | use-after-free | Goshawk |
| 46 | FreeBSD kernel | 255864 | double-free | Goshawk |
| 47-48 | FreeBSD kernel | 255865 | use-after-free | Goshawk |
| 49 | FreeBSD kernel | 255866 | use-after-free | Goshawk |
| 50 | FreeBSD kernel | 255868 | use-after-free | Goshawk |
| 51 | FreeBSD kernel | 255869 | use-after-free | Goshawk |
| 52 | FreeBSD kernel | 255871 | use-after-free | Goshawk |
| 53 | FreeBSD kernel | 255872 | use-after-free | Goshawk |
| 54 | FreeBSD kernel | 255874 | double-free | Goshawk |
| 55 | FreeBSD kernel | 255875 | double-free | Goshawk |
| 56 | FreeBSD kernel | 255878 | double-free | Goshawk |
| 57 | FreeBSD kernel | 255879 | double-free | Goshawk |
| 58 | FreeBSD kernel | 255880 | double-free | Goshawk |
| 59 | FreeBSD kernel | 255881 | use-after-free | Goshawk |
| 60 | OpenSSL | 14910 | double-free | Goshawk |
| 61 | OpenSSL | 14913 | double-free | Goshawk |
| 62 | OpenSSL | 14914 | double-free | Goshawk |
| 63 | OpenSSL | 14915 | double-free | Goshawk |
| 64-67 | OpenSSL | 14916 | double-free | Goshawk |
| 68 | OpenSSL | 20278 | double-free | Goshawk |
| 69 | OpenSSL | 20299 | use-after-free | Goshawk |
| 70 | Redis | 8797 | use-after-free | Goshawk |
| 71-75 | Tencent-IoT-Explorer-SDK | 10 | double-free | Goshawk |
| 76-77 | Tencent-IoT-Explorer-SDK | 11 | use-after-free | Goshawk |
| 78-80 | Tencent-IoT-SDK | 37 | use-after-free | Goshawk |
| 81 | cJSON | 722 | null-pointer-crash | Hopper |
| 82 | cJSON | 726 | null-pointer-crash | Hopper |
| 83-84 | c-ares | 496 | stack-overflow | Hopper |
| 85 | libpng | 453 | invalid-string | Hopper |
| 86 | zlib | 761 | SEGV | Hopper |
| 87 | zlib | 837 | SEGV | Hopper |
| 88 | zlib | 840 | SEGV | Hopper |
| 89 | sqlite3 | bbbbb66b6b | SEGV | Hopper |
| 90 | Little-CMS | 350 | SEGV | Hopper |
| 91 | Little-CMS | 351 | SEGV | Hopper |
| 92 | Little-CMS | 353 | SEGV | Hopper |
| 93 | Little-CMS | 354 | SEGV | Hopper |
| 94 | Little-CMS | 355 | SEGV | Hopper |
| 95-96 | Libpcap | 1147 | SEGV | Hopper |
| 97-101 | Python | cef5438cc896 | null-pointer-dereference | SparrowHawk |
| 102 | Vim | b9616af23f31 | double-free | SparrowHawk |
| 103-104 | GnuTLS | Reported via mails | null-pointer-dereference | SparrowHawk |
| 105 | GnuTLS | Reported via mails | double-free | SparrowHawk |
| 106-117 | OpenHarmony (third-party) | by mails | null-pointer-dereference | SparrowHawk |
| 118 | Libaom | 3489 | SEGV | PromptFuzz |
| 119 | Libaom | 3509 | Uninitialized memory | PromptFuzz |
| 120 | Libaom | 3510 | Integer overflow | PromptFuzz |
| 121 | Libaom | 3534 | SEGV | PromptFuzz |
| 122 | LibVpx | 1817 | SEGV | PromptFuzz |
| 123 | LibVpx | 1827 | Buffer overflow | PromptFuzz |
| 124 | LibVpx | 1828 | Integer overflow | PromptFuzz |
| 125 | LibVpx | 1831 | Integer overflow | PromptFuzz |
| 126 | LibVpx | 1837 | SEGV | PromptFuzz |
| 127 | LibTIFF | CVE-2023-6277 (CVSS 6.5) |
OOM | PromptFuzz |
| 128 | LibTIFF | 619 | OOM | PromptFuzz |
| 129-130 | LibTIFF | 620 | OOM | PromptFuzz |
| 131 | LibTIFF | CVE-2023-52355 (CVSS 7.5 HIGH!) |
OOM | PromptFuzz |
| 132 | LibTIFF | CVE-2023-52356 (CVSS 7.5 HIGH!) |
SEGV | PromptFuzz |
| 133 | Sqlite3 | e77a5c3445 | null-pointer-crash | PromptFuzz |
| 134 | Sqlite3 | 9ce835fe96 | null-pointer-crash | PromptFuzz |
| 135 | Sqlite3 | 5e3fc453a6 | null-pointer-crash | PromptFuzz |
| 136-137 | c-ares | d62627e8b3 | Memory leak | PromptFuzz |
| 138 | Libjpeg-turbo | 735 | OOM | PromptFuzz |
| 139 | Libjpeg-turbo | 05652673 | OOM | PromptFuzz |
| 140 | libpcap | 1233 | File leak | PromptFuzz |
| 141 | libpcap | 1239 | null-pointer-crash | PromptFuzz |
| 142 | cJSON | 807 | null-pointer-crash | PromptFuzz |
| 143 | curl | 12775 | Abort | PromptFuzz |
