Yeting Li
Yeting Li

Associate Professor at IIE, CAS

Short Bio

I am an associate professor at Institute of Information Engineering, Chinese Academy of Sciences (IIE, CAS).

Research Interests

  • Software Security; Program Analysis and Synthesis; Formal Languages and Automata Theory

Selected Publications

→ Full list

  • Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware
    Yiming Liu, Cen Zhang, Feng Li, Yeting Li, Jianhua Zhou, Jian Wang, Lanlan Zhan, Yang Liu, Wei Huo:
    The 46th International Conference on Software Engineering (ICSE 2024, CCF-A), 14 - 20 April 2024, Lisbon, Portugal 🏆ACM SIGSOFT Distinguished Paper Award
  • File Hijacking Vulnerability: The Elephant in the Room
    Chendong Yu, Yang Xiao, Jie Lu, Yuekang Li, Yeting Li, Lian Li, Yifan Dong, Jian Wang, Jingyi Shi, Defang Bo, Wei Huo:
    The 31st Annual Network and Distributed System Security Symposium (NDSS 2024, CCF-A), 26 Feb - 1 March 2024, San Diego, California
  • Aster: Automatic Speech Recognition System Accessibility Testing for Stutterers
    Yi Liu, Yuekang Li, Gelei Deng, Felix Juefei-Xu, Yao Du, Cen Zhang, Chengwei Liu, Yeting Li, Lei Ma, Yang Liu:
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023, CCF-A), 11 - 15 Sep 2023, Kirchberg, Luxembourg
  • ACETest: Automated Constraint Extraction for Testing Deep Learning Operators
    Jingyi Shi, Yang Xiao, Yuekang Li, Yeting Li, Dongsong Yu, Chendong Yu, Hui Su, Yufeng Chen, Wei Huo:
    The 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023, CCF-A), 17 - 21 July 2023, Washington, United States
  • Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation
    Xinyi Wang, Cen Zhang, Yeting Li*, Zhiwu Xu, Shuailin Huang, Yi Liu, Yican Yao, Yang Xiao, Yanyan Zou, Yang Liu, Wei Huo:
    The 44th IEEE Symposium on Security and Privacy (S&P 2023, CCF-A), 22 - 25 May 2023, San Francisco, CA
  • RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix
    Yeting Li, Yecheng Sun, Zhiwu Xu, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu, Yang Xiao:
    The 31st USENIX Security Symposium (USENIX Security 2022, CCF-A), 10 - 12 Aug 2022, BOSTON, MA, USA
  • SemMT: A Semantic-Based Testing Approach for Machine Translation Systems
    Jialun Cao, Meiziniu Li, Yeting Li, Ming Wen, Shing-Chi Cheung, Haiming Chen:
    ACM Transactions on Software Engineering and Methodology (TOSEM 2022, CCF-A)
  • ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
    Yeting Li, Zixuan Chen, Jialun Cao, Zhiwu Xu, Qiancheng Peng, Haiming Chen, Liyuan Chen, Shing-Chi Cheung:
    The 30th USENIX Security Symposium (USENIX Security 2021, CCF-A), 11 - 13 Aug 2021, Virtual
  • TransRegex: Multi-modal Regular Expression Synthesis by Generate-and-Repair
    Yeting Li, Shuaimin Li, Zhiwu Xu, Jialun Cao, Zixuan Chen, Yun Hu, Haiming Chen, Shing-Chi Cheung:
    The 43rd International Conference on Software Engineering (ICSE 2021, CCF-A), 25 - 28 May 2021, Virtual (originally in Madrid, Spain)
  • FlashRegex: Deducing Anti-ReDoS Regexes from Examples
    Yeting Li, Zhiwu Xu, Jialun Cao, Haiming Chen, Tingjian Ge, Shing-Chi Cheung, Haoren Zhao:
    The 35th IEEE/ACM International Conference on Automated Software Engineering (ASE 2020, CCF-A), 21 - 25 Sep 2020, Melbourne, Australia
  • FlashSchema: Achieving High Quality XML Schemas with Powerful Inference Algorithms and Large-scale Schema Data
    Yeting Li, Jialun Cao, Haiming Chen, Tingjian Ge, Zhiwu Xu, Qiancheng Peng:
    The 36th IEEE International Conference on Data Engineering (ICDE 2020, CCF-A), 20 - 24 Apr 2020, Dallas, Texas

Awards & Honors

  • National Scholarship, Ministry of Education of the People's Republic of China, 2015.
  • National Scholarship, Ministry of Education of the People's Republic of China, 2018.
  • CAS Presidential Scholarship (Excellence Award), Chinese Academy of Science (CAS), 2022.
  • CAS Special Research Assistant (SRA) Program, Chinese Academy of Science (CAS), 2022.

Contests

  • Excellence Award (7/1393), Third Big Data Competition, Baidu, Inc., 2017.

CVEs

We have found hundreds of ReDoS vulnerabilities in pypi/npm/maven packages, such as Python source code, postcss, ua-parser-js, etc. So far, 50+ vulnerabilities have been validated and assigned CVEs by the community, including snyk.io (e.g., CVE-2021-23354, CVE-2020-28493), MITRE Corporation (e.g., CVE-2020-29651), and package authors (e.g., CVE-2021-21317).

→ 50+ CVEs

Last Updated: 07/28/2022, 04:00:00 PM