Colloquium - Building Vulnerability-Less Operating-System (OS) Kernels

March 26, 2021 - 4:00pm
Zoom - See emails for details
Kangjie Lu
Computer Science & Engineering | The University of Minnesota-Twin Cities

An operating-system (OS) kernel is arguably the most important piece of software in a computer. Modern OS kernels have become extremely large and complex, containing millions of lines of code. As a result, they are unfortunately very buggy, and a single security bug (or vulnerability) may compromise the whole computer. Detecting and eliminating security bugs in OS kernels are thus imperative. However, kernel-bug detection has been considered a hard problem due to inherent limitations with whole-kernel analysis and the lack of bug specifications or detection oracles. In this talk, I will share my recent research on detecting and patching security bugs in OS kernels, with three research endeavors: (1) development of building-block techniques that enable precise whole-kernel analysis, (2) automated type-agnostic detection of kernel bugs, and (3) timely and safe patching of critical kernel bugs. In addition, I will briefly share our patching experience with OSS communities.


Dr. Kangjie Lu portrait - submittedDr. Kangjie Lu is an assistant professor in the Computer Science &  Engineering Department of the University of Minnesota-Twin Cities. His research interests include security and privacy, program analysis, and operating systems. He is particularly interested in developing foundational techniques that enable security mechanisms and analyses, automatically finding and eliminating classes of vulnerabilities introduced by both developers and compilers, and hardening systems while preserving their reliability and efficiency. He won the best paper award at ACM CCS 2019. His research results are regularly published at top-tier venues and have led to many important security updates in the Linux kernel, the Android OS, the FreeBSD kernel, Apple’s iOS, OpenSSL, etc. He received his Ph.D. in Computer Science from the Georgia Institute of Technology. More details can be found at