Biography

I am a senior software engineer at Google. Previously, I was a Security Researcher at Baidu X-Lab. I finished my Ph.D. at the College of Information Sciences and Technology, The Pennsylvania State University, in 2018. I was advised by Dr. Dinghao Wu. I received my master's degree from University of Waterloo (2012-2013) and my bachelor's degree from Peking University (2008-2012).

My research interest subsumes dependable software engineering, program analysis, formal methods, trusted execution environments, and software obfuscation. Recently I started to work on web security, mostly to fight XSS. I am actively exploring multiple security research domains. My work has been regularly recognized by both the industry and academia. See my publication list for the latest peer-reviewed work.

Open Source Projects

• tsec, An extended TypeScript compiler that checks Trusted Types compatibility.
• Teaclave, A Framework for Universal Secure Computing
• Anakin, High performance Cross-platform Inference-engine

Services

• Program Committee, ASE 2023
• Program Committee, ICSE-SEIP 2023
• Program Committee, ICSE-SEIP 2022
• Program Committee, ICSE 2021

Publications

• 2023

  • [ICSOFT] Source Code Implied Language Structure Abstraction through Backward Taint Analysis
    Zihao Wang, Pei Wang, Qinkun Bao and Dinghao Wu.
    In the 18th International Conference on Software Technologies, 2023. Short paper.
    
  • [ENASE] LibSteal: Model Extraction Attack towards Deep Learning Compilers by Reversing DNN Binary Library
    Jinquan Zhang, Pei Wang and Dinghao Wu.
    In the 18th International Conference on Evaluation of Novel Apporaches to Software Engineering, 2023. Short paper.
    

• 2021

  • [NAS] Characterizing AI Model Inference Applications Running in SGX Environment
    Shixiong Jing, Qinkun Bao, Pei Wang, Xulong Tang and Dinghao Wu.
    In the 15th IEEE International Conference on Networking, Architecture, and Storage, 2021. Short paper.
    
  • [SecWeb] Adopting Trusted Types in Production Web Frameworks to Prevent DOM-Based Cross-Site Scripting: A Case Study
    Pei Wang, Bjarki Ágúst Guðmundsson, Krzysztof Kotowicz.
    In the 2021 Workshop on Designing Security for the Web, co-located with the 6th IEEE European Symposium on Security and Privacy, 2021.
    
  • [ICSE] If It’s Not Secure, It Should Not Compile: Preventing DOM-Based XSS in Large-Scale Web Development with API Hardening
    Pei Wang, Julian Bangert, and Christoph Kern.
    In the 43rd International Conference on Software Engineering, 2021. Aceptance rate: 138/615 ≈ 22.4%.
    

• 2020

  • [EuroS&P] Quantitative Assessment on the Limitations of Code Randomization for Legacy Binaries
    Pei Wang, Jinquan Zhang, Shuai Wang, and Dinghao Wu.
    In the 5th IEEE European Symposium on Security and Privacy, 2020. Aceptance rate: 38/261 ≈ 14.6%.
  • [ICSE-SEIP] Building and Maintaining a Third-Party Library Supply Chain for Productive and Secure SGX Enclave Development
    Pei Wang^*, Yu Ding^*, Mingshen Sun, Huibo Wang, Tongxin Li, Rundong Zhou, Zhaofeng Chen, and Yiming Jing.
    In the 42nd International Conference on Software Engineering, the Software Engineering In Practice Track, 2020. Aceptance rate: 26/102 ≈ 25.5%.
    ^*Joint first authors.

• 2019

  • [CCS] Towards Memory Safety for Enclave Programs with Rust-SGX
    Huibo Wang, Pei Wang, Yu Ding, Mingshen Sun, Yiming Jing, Ran Duan, Long Li, Yulong Zhang, Tao Wei, and Zhiqiang Lin.
    In the 26th ACM Conference on Computer and Communications Security, 2019. Aceptance rate: 149/933 ≈ 16.0%.
  • [USENIX Security] Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation
    Shuai Wang, Yuyan Bao, Xiao Liu, Pei Wang, Danfeng Zhang, and Dinghao Wu.
    In the 28th USENIX Security Symposium, 2019. Acceptance rate: 113/719 ≈ 15.7%
  • [ICSE-SEET] Automatic Grading of Programming Assignments: An Approach Based on Formal Semantics
    Xiao Liu, Shuai Wang, Pei Wang, and Dinghao Wu.
    In the 41st International Conference on Software Engineering, the Software Engineering Education and Training Track, 2019.
  • [SPE] Field Experience with Obfuscating Million‐user iOS Apps in Large Enterprise Mobile Development
    Pei Wang, Dinghao Wu, Zhaofeng Chen, and Tao Wei.
    In Software: Practice and Experience, Volume 49, Issue 2, Wiley, Feb 2019.
    

• 2018

  • [TSE] Large-scale Third-party Library Detection in Android Markets
    Menghao Li^*, Pei Wang^*, Wei Wang, Shuai Wang, Dinghao Wu, Jian Liu, Rui Xue, Wei Huo, and Wei Zou.
    In Transactions on Software Engineering, IEEE, Oct 2018.
    ^*Joint first authors.
  • [ICSE-SEIP] Protecting Million-User iOS Apps with Obfuscation: Motivations, Pitfalls, and Experience
    Pei Wang, Dinghao Wu, Zhaofeng Chen, and Tao Wei.
    In the 40th International Conference on Software Engineering, the Software Engineering In Practice Track, 2018. Acceptance rate: 31/131 ≈ 23.7%.
  • [ICSE] Software Protection on the Go: A Large-Scale Empirical Study on Mobile App Obfuscation
    Pei Wang, Qinkun Bao, Li Wang, Shuai Wang, Zhaofeng Chen, Tao Wei, and Dinghao Wu.
    In the 40th International Conference on Software Engineering, 2018. Acceptance rate: 105/502 ≈ 20.9%.

• 2017

  • [FEAST] Binary Code Retrofitting and Hardening Using SGX
    Shuai Wang, Wenhao Wang, Qinkun Bao, Pei Wang, XiaoFeng Wang, and Dinghao Wu.
    In the 2nd Workshop on Forming an Ecosystem Around Software Transformation, 2017, co-located with CCS 2017.
  • [SecureComm] Lambda Obfuscation
    Pengwei Lan, Pei Wang, Shuai Wang, and Dinghao Wu.
    In the 13th EAI International Conference on Security and Privacy in Communication Networks, 2017. Acceptance rate: 31/105 ≈ 29.5%.
  • [SecureComm] Turing Obfuscation
    Yan Wang, Shuai Wang, Pei Wang, and Dinghao Wu.
    In the 13th EAI International Conference on Security and Privacy in Communication Networks, 2017. Acceptance rate: 31/105 ≈ 29.5%.
  • [ICSME] Semantics-Aware Machine Learning for Function Recognition in Binary Code
    Shuai Wang, Pei Wang, and Dinghao Wu.
    In the 33rd IEEE International Conference on Software Maintenance and Evolution, 2017. Acceptance rate: 42/151 ≈ 27.8%.
  • [ICSME] Composite Software Diversification
    Shuai Wang, Pei Wang, and Dinghao Wu.
    In the 33rd IEEE International Conference on Software Maintenance and Evolution, 2017. Acceptance rate: 42/151 ≈ 27.8%.
  • [USENIX Security] CacheD: Identifying Cache-Based Timing Channels in Production Software
    Shuai Wang, Pei Wang, Xiao Liu, Danfeng Zhang, and Dinghao Wu.
    In the 26th USENIX Security Symposium, 2017. Acceptance rate: 85/522 ≈ 16.3%.
  • [ICSE] LibD: Scalable and Precise Third-Party Library Detection in Android Markets
    Menghao Li, Wei Wang, Pei Wang, Shuai Wang, Dinghao Wu, Jian Liu, Rui Xue, and Wei Huo.
    In the 39th International Conference on Software Engineering, 2017. Acceptance rate: 68/415 ≈ 16.4%
    

• 2016

  • [CCS] CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump
    Jun Xu, Dongliang Mu, Ping Chen, Xinyu Xing, Pei Wang, and Peng Liu.
    In the 23rd ACM Conference on Computer and Communications Security, 2016. Acceptance rate: 137/837 ≈ 16.4%
  • [EuroS&P] Translingual Obfuscation
    Pei Wang, Shuai Wang, Jiang Ming, Yufei Jiang, and Dinghao Wu.
    In the 1st IEEE European Symposium on Security and Privacy, 2016. Acceptance rate: 29/168 ≈ 17.3%
    Extended version: arXiv:1601.00763 [cs.CR]
  • [SANER] Uroboros: Instrumenting Stripped Binaries with Static Reassembling
    Shuai Wang, Pei Wang, and Dinghao Wu.
    In the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering, 2016. Acceptance rate: 37/140 ≈ 26.4%

• Before 2016

  • [USENIX Security] Reassembleable Disassembling
    Shuai Wang, Pei Wang, and Dinghao Wu.
    In the 24th USENIX Security Symposium, 2015. Acceptance rate: 67/426 ≈ 15.7%
  • [MTD] Generating Precise Dependencies for Large Software
    Pei Wang, Jinqiu Yang, Lin Tan, Robert Kroeger, and J. David Morgenthaler.
    In the 4th International Workshop on Managing Technical Debt, 2013, collocated with ICSE '13.
  • [NSDI] eDoctor: Automatically Diagnosing Abnormal Battery Drain Issues on Smartphones
    Xiao Ma, Peng Huang, Xinxin Jin, Pei Wang, Soyeon Park, Dongcai Shen, Yuanyuan Zhou, Lawrence K. Saul, and Geoffrey M. Voelker.
    In the 10th USENIX Symposium on Networked Systems Design and Implementation, 2013. Acceptance rate: 38/171 ≈ 22.22%