Home
Publications
Activities

Publications

Note: * denotes the work where I served as the corresponding author

2025

  • Predator: Directed Web Application Fuzzing for Efficient Vulnerability Validation
    Chenlin Wang, Wei Meng, Changhua Luo, Penghui Li
    In Proceedings of the 46th IEEE Symposium on Security and Privacy (S&P), May 2025

2024

  • FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache [PDF] [CODE]
    Penghui Li, Mingxue Zhang
    In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), October 2024
    ★ Distinguished Paper Award

  • Test Suites Guided Vulnerability Validation for Node.js Applications [PDF] [CODE]
    Changhua Luo, Penghui Li*, Wei Meng, Chao Zhang
    In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), October 2024

  • SDFuzz: Target States Driven Directed Fuzzing [PDF]
    Penghui Li, Wei Meng, Chao Zhang
    In Proceedings of the 33rd USENIX Security Symposium (Security), August 2024

  • Testing Graph Database Systems via Graph-Aware Metamorphic Relations [PDF] [CODE]
    Zeyang Zhuang, Penghui Li, Pingchuan Ma, Wei Meng, Shuai Wang
    In Proceedings of the 50th International Conference on Very Large Data Bases (VLDB), August 2024

  • Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis [PDF] [CODE]
    Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, Changhua Luo
    In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), May 2024

2023

  • DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing [PDF] [CODE]
    Ming Yuan, Bodong Zhao, Penghui Li, Jiashuo Liang, Xinhui Han, Xiapu Luo, Chao Zhang
    In Proceedings of the 32nd USENIX Security Symposium (Security), August 2023

  • SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration [PDF] [CODE]
    Changhua Luo, Wei Meng, Penghui Li
    In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), May 2023

2022

  • SEDiff: Scope-Aware Differential Fuzzing to Test Internal Function Models in Symbolic Execution [PDF] [CODE]
    Penghui Li, Wei Meng, Kangjie Lu
    In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE), Research Track, November 2022

  • TChecker: Precise Static Inter-Procedural Analysis for Detecting Taint-Style Vulnerabilities in PHP Applications [PDF] [CODE]
    Changhua Luo, Penghui Li, Wei Meng
    In Proceedings of the 29th ACM Conference on Computer and Communications Security (CCS), November 2022
    ★ Best Paper Honorable Mention

2021

  • Understanding and Detecting Performance Bugs in Markdown Compilers [PDF] [CODE]
    Penghui Li, Yinxi Liu, Wei Meng
    In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Research Track, November 2021
    ★ Best Software Artifact Nomination

  • LChecker: Detecting Loose Comparison Bugs in PHP [PDF] [CODE]
    Penghui Li, Wei Meng
    In Proceedings of the Web Conference 2021 (WWW), Security Track, April 2021

  • On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution [PDF] [CODE]
    Penghui Li, Wei Meng, Kangjie Lu, Changhua Luo
    In Proceedings of the Web Conference 2021 (WWW), Security Track, April 2021

Theses

  • Detecting Correctness, Security, and Performance Bugs in Software Systems with Automated Analysis and Testing
    Penghui Li
    Ph.D. Thesis in Computer Science and Engineering, The Chinese University of Hong Kong, July 2023

  • Detecting CPU Exhaustion Denial-of-Service Vulnerabilities in Web Applications
    Penghui Li
    B.Eng. Thesis in Computer Science and Technology, University of Chinese Academy of Sciences, June 2019