Biography

Bo Feng is a PhD student in the computer science program at Northeastern University, advised by Professor Long Lu. Bo’s research is focused on automating bug-finding in IoT firmware by way of fuzzing. Bo is interested in detecting and reporting vulnerabilities in IoT systems with ease and ultimately developing more secure devices. Prior to joining CCIS, Bo earned his Bachelor’s in Computer Science from Wuhan University.

Education

• BEng, Wuhan University

About Me

• Hometown: Wuhan, China
• Field of Study: System Security
• PhD Advisors: Long Lu

What are the specifics of your graduate education (thus far)?

In my first year of PhD, I built an OS for x86-64 architecture with virtual memory, ring protection, pre-emptive scheduling and an in-memory file system from scratch, a compiler translating Java-like object-oriented programming language into MIPS assembly, and learned various system and network security principles through practice.

What are your research interests?

Currently I am working on automated bug finding in IoT firmware through fuzzing. Nowadays billions of IoT devices are deployed, the compromising of which can lead to data breaches, DDoS attacks, and can even harm human safety. Due to resource constraints, many IoT firmwares are written in C/C++, which suffers from memory corruption vulnerabilities. I am building a fuzzing system to find those vulnerabilities in IoT firmware in an automated way.

What’s one problem you’d like to solve with your research/work?

Find bugs in IoT firmware through our system, report it to vendors, and  build more secure IoT devices.

What aspect of what you do is most interesting?

Many computer systems are not designed and built with security in mind. I feel very excited about evaluating the security of those systems and enhancing them in practical ways with minimum programmers’ effort.