Yeting Li
Associate Professor at IIE, CAS
liyeting (at) iie (dot) ac (dot) cn
Short Bio
I am an associate professor at Institute of Information Engineering, Chinese Academy of Sciences (IIE, CAS).
Research Interests
- Software Security; Program Analysis and Synthesis; Formal Languages and Automata Theory
Selected Publications
- Semantic-Enhanced Static Vulnerability Detection in Baseband
Firmware
Yiming Liu, Cen Zhang, Feng Li, Yeting Li, Jianhua Zhou, Jian Wang, Lanlan Zhan, Yang Liu, Wei Huo:
The 46th International Conference on Software Engineering (ICSE 2024, CCF-A), 14 - 20 April 2024, Lisbon, Portugal 🏆ACM SIGSOFT Distinguished Paper Award - File Hijacking Vulnerability: The Elephant in the Room
Chendong Yu, Yang Xiao, Jie Lu, Yuekang Li, Yeting Li, Lian Li, Yifan Dong, Jian Wang, Jingyi Shi, Defang Bo, Wei Huo:
The 31st Annual Network and Distributed System Security Symposium (NDSS 2024, CCF-A), 26 Feb - 1 March 2024, San Diego, California - Aster: Automatic Speech Recognition System Accessibility Testing for Stutterers
Yi Liu, Yuekang Li, Gelei Deng, Felix Juefei-Xu, Yao Du, Cen Zhang, Chengwei Liu, Yeting Li, Lei Ma, Yang Liu:
The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023, CCF-A), 11 - 15 Sep 2023, Kirchberg, Luxembourg - ACETest: Automated Constraint Extraction for Testing Deep Learning Operators
Jingyi Shi, Yang Xiao, Yuekang Li, Yeting Li, Dongsong Yu, Chendong Yu, Hui Su, Yufeng Chen, Wei Huo:
The 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023, CCF-A), 17 - 21 July 2023, Washington, United States - Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation
Xinyi Wang, Cen Zhang, Yeting Li*, Zhiwu Xu, Shuailin Huang, Yi Liu, Yican Yao, Yang Xiao, Yanyan Zou, Yang Liu, Wei Huo:
The 44th IEEE Symposium on Security and Privacy (S&P 2023, CCF-A), 22 - 25 May 2023, San Francisco, CA - RegexScalpel: Regular Expression Denial of Service (ReDoS)
Defense by Localize-and-Fix
Yeting Li, Yecheng Sun, Zhiwu Xu, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu, Yang Xiao:
The 31st USENIX Security Symposium (USENIX Security 2022, CCF-A), 10 - 12 Aug 2022, BOSTON, MA, USA - SemMT: A Semantic-Based Testing Approach for Machine Translation Systems
Jialun Cao, Meiziniu Li, Yeting Li, Ming Wen, Shing-Chi Cheung, Haiming Chen:
ACM Transactions on Software Engineering and Methodology (TOSEM 2022, CCF-A) - ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
Yeting Li, Zixuan Chen, Jialun Cao, Zhiwu Xu, Qiancheng Peng, Haiming Chen, Liyuan Chen, Shing-Chi Cheung:
The 30th USENIX Security Symposium (USENIX Security 2021, CCF-A), 11 - 13 Aug 2021, Virtual - TransRegex: Multi-modal Regular Expression Synthesis by Generate-and-Repair
Yeting Li, Shuaimin Li, Zhiwu Xu, Jialun Cao, Zixuan Chen, Yun Hu, Haiming Chen, Shing-Chi Cheung:
The 43rd International Conference on Software Engineering (ICSE 2021, CCF-A), 25 - 28 May 2021, Virtual (originally in Madrid, Spain) - FlashRegex: Deducing Anti-ReDoS Regexes from Examples
Yeting Li, Zhiwu Xu, Jialun Cao, Haiming Chen, Tingjian Ge, Shing-Chi Cheung, Haoren Zhao:
The 35th IEEE/ACM International Conference on Automated Software Engineering (ASE 2020, CCF-A), 21 - 25 Sep 2020, Melbourne, Australia - FlashSchema: Achieving High Quality XML Schemas with Powerful Inference Algorithms and
Large-scale Schema Data
Yeting Li, Jialun Cao, Haiming Chen, Tingjian Ge, Zhiwu Xu, Qiancheng Peng:
The 36th IEEE International Conference on Data Engineering (ICDE 2020, CCF-A), 20 - 24 Apr 2020, Dallas, Texas
Awards & Honors
- National Scholarship, Ministry of Education of the People's Republic of China, 2015.
- National Scholarship, Ministry of Education of the People's Republic of China, 2018.
- CAS Presidential Scholarship (Excellence Award), Chinese Academy of Science (CAS), 2022.
- CAS Special Research Assistant (SRA) Program, Chinese Academy of Science (CAS), 2022.
Contests
- Excellence Award (7/1393), Third Big Data Competition, Baidu, Inc., 2017.
CVEs
We have found hundreds of ReDoS vulnerabilities in pypi/npm/maven packages, such as Python source code, postcss, ua-parser-js, etc. So far, 50+ vulnerabilities have been validated and assigned CVEs by the community, including snyk.io (e.g., CVE-2021-23354, CVE-2020-28493), MITRE Corporation (e.g., CVE-2020-29651), and package authors (e.g., CVE-2021-21317).