Long Lu

Long Lu

Associate Professor of Computer Science

Northeastern University

Long Lu is an Associate Professor in the Khoury College of Computer Sciences, a core faculty member of the Cybersecurity and Privacy Institute, and a co-director for the SecLab (Systems Security Lab), at Northeastern University.

His research aims to secure low-level software in widely deployed or critical systems. He designs and builds novel program analysis and hardening techniques, hardware-backed primitives for security, and trusted/confidential computing environments. His recent work has focused on embedded and IoT/CPS systems.

Long has won an NSF CAREER Award, an Air Force Faculty Fellowship, two Google ASPIRE Awards, etc. His research is supported by the National Science Foundation, the Office of Naval Research, the Army Research Office, etc.


  • System Software Security
  • Program Analysis
  • Embedded Systems, IoT/CPS


  • Ph.D. in Computer Science, 2013

    Georgia Institute of Technology

  • B.S. in Information Security, 2007

    Shanghai Jiao Tong University

To prospective students and postdocs:

I’m recruiting new Ph.D. students and postdocs. If you share my research interests, have solid experience in the related fields, and are passionate about making real impacts, please reach out.


Our large-scale study on the (in)security of on-device machine learning models is to appear at USENIX Security'21.
Our KUBO paper, on precise and scalable detection of undefined behavior bugs in OS kernel, is to appear at NDSS 2021.
Google will sponsor our research on hardware-based memory safety via an ASPIRE Award.
NSF will fund our research on optimizing fuzzing for vulnerability coverage.
Two papers, FICS (finding bugs using your own code) and PTAuth (points-to authentication for temporal safety), are accepted by USENIX Security'21.

Recent Publications

Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code

Mind Your Weight(s): A Large-scale Study on Insufficient Machine Learning Model Protection in Mobile Apps

PTAuth: Temporal Memory Safety via Robust Points-to Authentication

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

Current Fundings

Google ASPIRE Award

Rethinking Fuzzing for Security

Google ASPIRE Award

Internet-of-Things (IoT) and Cyber-Physical Systems (CPS) Security

Automated Protocol Specialization and Diversification for Individualized Defense