Qiang Liu is a postdoc at EPFL, working with Prof. Mathias Payer in the HexHive laboratory. He earned his Ph.D. in 2023 from Zhejiang University (ZJU) under the guidance of Prof. Yajin Zhou and a B.S. degree from the Beijing Institute of Technology (BIT) in 2018. His research in cybersecurity focuses on 1) developing prior-to/after-release security enforcement of software based on deep understanding, and 2) building the chain of trust examined by full-chain exploits. His work has been recognized at all top security conferences: IEEE S&P, Usenix Security, ACM CCS, and ISOC NDSS. He received the Best Paper Awards at USENIX Security'24 and ACM RAID'24. He is also serving on the program committee for IEEE/ACM ASE'25 and USENIX Security'25 and is a reviewer for ACM CSUR and ACM TOSEM.
Introduction in Chinese
刘强现为瑞士洛桑联邦理工学院(EPFL)HexHive实验室的博士后研究员,合作导师为Mathias Payer教授。
他于2023年博士毕业于浙江大学,师从周亚金教授。他的研究聚焦于系统安全,致力于从深层理解出发,
在软件发布前后实现有效的安全保障机制,同时围绕真实攻击路径构建和验证可信执行链。
他的多项研究成果已发表在IEEE S&P、USENIX Security、ACM CCS 和 NDSS 等国际顶级安全会议上,
并荣获USENIX Security 2024 和 ACM RAID 2024 最佳论文奖。
同时,他是IEEE/ACM ASE 2025 与 USENIX Security 2025 的程序委员会委员,
并为ACM CSUR 和 ACM TOSEM 等期刊担任审稿人。
Achievements#
- 🛠️ Grammar-based Arbitrary Hypervisor Fuzzing Framework (HyperPill[SEC24]/ViDeZZo[SP23]/Truman[NDSS25])
- 🏆 HyperPill won the best paper award at USENIX Security'24
- 🏆 Tango won the best paper award at ACM RAID'24
- 🛠️ Partial Rehosting of Linux-Based Firmware (FirmGuide[ASE21]/ECMO[CCS21])
Ongoing Projects#
Hypervisor Security
With the rapid advancement and widespread adoption of AI, cloud computing is
experiencing renewed momentum. At the core of secure cloud infrastructure lies a
vulnerability-free hypervisor. Embracing a full-lifecycle security approach, our
research focuses on identifying and resolving hypervisor vulnerabilities prior
to release, while also developing complementary defenses to mitigate attacks in
production environments. To drive deeper insights, we also develop real-world
exploits targeting state-of-the-art hypervisors.
AI System Security
The success of AI is fundamentally reshaping the entire computing stack, from
hardware to high-level software. As new codebases and specialized hardware
emerge to support AI workloads, longstanding security challenges are resurfacing
in modern contexts. Our research investigates security issues across multiple
layers of AI systems, focusing on compilers, interpreters, operating systems,
hypervisors, and heterogeneous hardware such as GPUs.
AI for System Understanding
Modern system software has reached a scale and complexity that surpasses human
cognitive limits. No individual can realistically comprehend the full breadth of
its specifications, source code, reviews, and development history. This
overwhelming volume of information poses serious challenges to effective
auditing, debugging, and security analysis. We envision a super model—a fusion
of Large Language Models (LLMs) and Knowledge Graphs (KGs)—to bridge the gap
between human understanding and large-scale system software. By encoding both
structured knowledge (e.g., specifications, test results) and unstructured
knowledge (e.g., source code, review discussions, crash reports), this model
will provide a unified, intelligent interface for low-level system
comprehension. As a collaborative assistant, the super model will help
developers and researchers understand system intent, behavior, and evolution,
significantly reducing manual effort in navigating, maintaining, and securing
complex system software.
Security Shift: from Defense to Resilience
The evolution of computing has progressed through several transformative
milestones—from standalone systems to personal computing and the Web 2.0 era,
followed by large-scale computing and deep learning, and more recently, the rise
of foundation models and AI breakthroughs. As we move into the next era—defined
by ubiquitous computing and heterogeneous system architectures—security
challenges are becoming more complex and distributed. In this new landscape,
computing devices take many forms: personal, enterprise-grade, and embedded
systems, all interconnected through a global edge fabric. The scale and
diversity of these environments demand a unified software ecosystem and robust,
adaptable security frameworks. Crucially, the security paradigm must shift:
success is no longer measured solely by the ability to block attacks. Instead,
the focus must be on resilience—ensuring rapid recovery, minimizing downtime,
and maintaining business continuity after incidents. We propose a thin,
scalable, and formally verified minimum recovery system as a foundational layer
to meet this challenge, enabling reliable, system-wide restoration in the face
of growing threats.
Weekend Projects#
Hacking Culture
We have focused too much on cool technology while neglecting the fun stories,
nerdy fonts, and meme creativity that are equally important. It's time to
systematically explore and celebrate hacking culture—not just to entertain
ourselves but also to inspire and attract more people to join us. Parents can
raise children who are independent and creative, teachers can guides students
who are collaborative and competitive, and entrepreneurs can engage customers
who are eager to buy innovative products. Be classy and be cool!