Updated on August 27 2017 PDF version

Long Lu

Assistant Professor
College of Computer and Information Science
Northeastern University
l.lu@northeastern.edu    www.longlu.org
_________

Education

Ph.D.

Aug 2008 -

School of Computer Science, Georgia Institute of Technology, Atlanta, GA

Aug 2013

Thesis: Securing Systems and Software Against Attacks Targeting Unwary Users

Advisor: Prof. Wenke Lee

B.Sc.

Aug 2003 -

Shanghai Jiao Tong University, Shanghai, China

Jun 2007

University-Wide Honor Graduate, majored in information security


Research Interests

My research aims to identify and thwart security threats that plague widely used computer systems and software. My recent work is focused on mobile devices and Internet-of-Things. I’m interested in inventing threat detection and prevention techniques that are rooted in new operating system designs and program analysis methods. I enjoy building these techniques into real and useful systems and software tools.

Professional Experience

Tenure-track Assistant Professor

Aug 2017 -

College of Computer and Information Science, Northeastern University, Boston, MA

present

Tenure-track Assistant Professor

Aug 2013 -

Computer Science Department, Stony Brook University, Stony Brook, NY

Aug 2017

Graduate Research Assistant

Aug 2008 -

School of Computer Science, Georgia Institute of Technology, Atlanta, GA

July 2013

Research Intern

May 2012 -

Microsoft Research, Redmond, WA

Aug 2012

Research Intern

May 2011 -

NEC Labs America, Princeton, NJ

Nov 2011

Research Intern

May 2010 -

Microsoft Research, Redmond, WA

Aug 2010

Research Intern

May 2009 -

SRI International, Menlo Park, CA

Aug 2009
Academic Services & Activities

Journal Reviewer

  • ACM Transactions on Information and System Security (TISSEC)
  • IEEE Transactions on Information Forensics & Security (TIFS)
  • ACM Transactions on Internet Technology (TOIT)

Program Committees & Panels

  • IEEE Symposium on Security and Privacy (S&P) 2018;
  • The Network and Distributed System Security Symposium (NDSS) 2018;
  • The 26th USENIX Security Symposium (Security) 2017;
  • NSF CNS Panel 2017;
  • The 54th Design Automation Conference (DAC) 2017;
  • Shadow PC Co-chair, ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2017;
  • The Network and Distributed System Security Symposium (NDSS) 2017;
  • PC Co-chair, The 6th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2016;
  • NSF CNS Panel 2016;
  • ACM Conference on Computer and Communications Security (CCS) 2016;
  • Annual Computer Security Applications Conference (ACSAC) 2016;
  • The 9th European Workshop on Systems Security (EuroSec) 2016;
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2016;
  • PC Chair, Mobile Security Technologies (MoST) 2016;
  • ACM Conference on Computer and Communications Security (CCS) 2015;
  • Annual Computer Security Applications Conference (ACSAC) 2015;
  • The 24th USENIX Security Symposium (Security) 2015;
  • The 24th International World Wide Web Conference (WWW) 2015;
  • Mobile Security Technologies (MoST) 2015;
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2015;
  • The Network and Distributed System Security Symposium (NDSS) 2015;
  • ACM Conference on Computer and Communications Security (CCS) 2014;
  • Annual Computer Security Applications Conference (ACSAC) 2014;
  • Mobile Security Technologies (MoST) 2014;
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2014;
  • The Network and Distributed System Security Symposium (NDSS) 2014;
  • Annual Computer Security Applications Conference (ACSAC) 2013;

External Reviewer

  • IEEE Symposium on Security and Privacy (Oakland) 2011, 2014;
  • ACM Conference on Computer and Communications Security (CCS) 2012, 2013;
  • USENIX Symposium on Networked Systems Design and Implementation (NSDI) 2012;
  • ACM Symposium on Information Computer and Communications Security (ASIA-CCS) 2012;
  • USENIX Security Symposium (Security) 2011;
  • The Network and Distributed System Security Symposium (NDSS) 2010;

Teaching

  • Computer Security Fundamentals (CSE 331), Stony Brook University, Fall 2016;
  • Introduction to Computer Security (ISE 331), Stony Brook University, Spring 2016;
  • Network Security (CSE 408), Stony Brook University, Spring 2015;
  • Systems Security (CSE509), Stony Brook University, Fall 2014;
  • Network Security (CSE508), Stony Brook University, Spring 2014;
  • Advanced Computer Security (CSE608), Stony Brook University, Fall 2013;
Honors & Awards

NSF CAREER Award, 2017
U.S. Air Force Research Lab Summer Faculty Fellowship, 2016
Georgia Tech nomination for Google Research Fellowship, 2012
AT&T Best Applied Security Paper Award Finalist, 2011
Microsoft Trustworthy Computing Fellowship, 2008
University-Wide Honor Graduate from Shanghai Jiao Tong University, 2007

Publications

[16]   Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed Azab, Long Lu, Hayawardh Vijayakumar, and Wenbo Shen. Norax: Enabling execute-only memory for COTS binaries on AArch64. In Proceedings of the 38th IEEE Symposium on Security and Privacy, S&P/Oakland’17.

[15]   Drew Davidson, Yaohui Chen, Franklin George, Long Lu, and Somesh Jha. Secure integration of web content and applications on commodity mobile operating systems. In Proceedings of the 12th ACM on Asia Conference on Computer and Communications Security, AsiaCCS’17.

[14]   Arash Alavi, Alan Quach, Hang Zhang, Bryan Marsh, Farhan Ul Haq, Zhiyun Qian, Long Lu, and Rajiv Gupta. Where is the weakest link? a study on security discrepancies between android apps and their website counterparts. In International Conference on Passive and Active Network Measurement, PAM’17.

[13]   Suwen Zhu, Long Lu, and Kapil Singh. Case: Comprehensive application security enforcement on cots mobile devices. In Proceedings of the 14th International Conference on Mobile Systems, Applications, and Services, MobiSys’16.

[12]   Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, and Long Lu. Shreds: Fine-grained execution units with private memory. In Proceedings of the 37th IEEE Symposium on Security and Privacy, S&P/Oakland’16.

[11]   Yue Chen, Zhi Wang, David Whalley, and Long Lu. Remix: On-demand live randomization. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy, CODASPY’16.

[10]   Christopher Neasbitt, Bo Li, Roberto Perdisci, Long Lu, Kapil Singh, and Kang Li. Webcapsule: Towards a lightweight forensic engine for web browsers. In Proceedings of the 2015 ACM Conference on Computer and Communications Security, CCS’15.

[9]   Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, and Wenke Lee. Preventing use-after-free with dangling pointers nullification. In Proceedings of the 2015 Network and Distributed System Security Symposium, NDSS’15.

[8]   Kangjie Lu, Zhichun Li, Vasileios Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee, and Guofei Jiang. Checking more and alerting less: Detecting privacy leakages via enhanced data-flow analysis and peer voting. In Proceedings of the 2015 Network and Distributed System Security Symposium, NDSS’15.

[7]   Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, and Wenke Lee. From zygote to morula: Fortifying weakened aslr on android. In Proceedings of the 35th IEEE Symposium on Security and Privacy, S&P/Oakland’14.

[6]   Tielei Wang, Kangjie Lu, Long Lu, Simon Chong, and Wenke Lee. Jekyll on ios: When benign apps become evil. In Proceedings of the 22nd USENIX Security Symposium, USENIX Security’13.

[5]   Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee, and Guofei Jiang. Chex: statically vetting android apps for component hijacking vulnerabilities. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ’12.

[4]   Christian Seifert, Jack W Stokes, Christina Colcernian, John C Platt, and Long Lu. Robust scareware image detection. In Proceedings of the 38th International Conference on Acoustics, Speech, and Signal Processing, ICASSP ’13.

[3]   Long Lu, Roberto Perdisci, and Wenke Lee. Surf: detecting and measuring search poisoning. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS ’11.

[2]   Long Lu, Vinod Yegneswaran, Phillip Porras, and Wenke Lee. Blade: an attack-agnostic approach for preventing drive-by malware infections. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS ’10.

[1]   Martim Carbone, Weidong Cui, Long Lu, Wenke Lee, Marcus Peinado, and Xuxian Jiang. Mapping kernel objects to enable systematic integrity checking. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09.

Patents
Application pending

Android App Analytics: A Scalable App Vetting Service

US 20120030760

Method and Apparatus for Combating Web-Based Surreptitious Binary Installations

US 20120030760

Scareware Detection

Research Grants
  • CAREER: Rethinking Mobile Security in the New Age of App-as-a-Platform (forthcoming, 2017.3–2022.3), PI: Long Lu, Sponsor: National Science Foundation, Amount: $500,543
  • ReARM: Protecting ARM Binaries via Load-time Reduction and Run-time Read-Protection (forthcoming, 2017.3–2020.3), PI: Long Lu, Co-PI: Radu Sion, Sponsor: Office of Naval Research, Amount: $800,000
  • Enabling Secure Integration of Web and Mobile: A Principled Multi-Level Approach (2016.11–2019.11), PI: Long Lu (in collaboration with U. Wisconsin), Sponsor: Army Research Office, Amount: $570,000
  • MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms (2015.9–2019.3), PI: Long Lu (in collaboration with SRI and UIC), Sponsor: National Science Foundation, Amount: $399,593 (Lu’s portion)
  • Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures (2015.9–2018.8), PI: Nick Nikiforakis, Co-PI: Long Lu, Sponsor: National Science Foundation, Amount: $245,000 (Lu’s portion)
  • Software Diversification for Attack Prevention and Forecasting (2015.7–2018.6), PI: Michalis Polychronakis, Co-PIs: Long Lu and R. Sekar, Sponsor: Office of Naval Research, Amount: $263,012 (Lu’s portion)
  • Enabling Secure and Trustworthy Compartments in Mobile Applications (2014.8–2017.08), PI: Long Lu, Sponsor: National Science Foundation, Amount: $499,932
  • A Static Approach to Vetting Vulnerable Android Apps (2013.10–2014.10), PI: Long Lu, Sponsor: Air Force Research Laboratory, Amount: $10,000

Total amount: $3,288,080