Qiang Liu is a postdoc at EPFL, working with Prof. Mathias Payer in the HexHive laboratory. He earned his Ph.D. in 2023 from Zhejiang University (ZJU) under the guidance of Prof. Yajin Zhou and a B.S. degree from the Beijing Institute of Technology (BIT) in 2018. His research in cybersecurity focuses on 1) developing prior-to/after-release security enforcement of software based on deep understanding, and 2) building the chain of trust examined by full-chain exploits. His work has been recognized at all top security conferences: IEEE S&P, Usenix Security, ACM CCS, and ISOC NDSS. He received the Best Paper Awards at USENIX Security'24 and ACM RAID'24. He is also serving on the program committee for IEEE/ACM ASE'25 and USENIX Security'25 and is a reviewer for ACM CSUR and ACM TOSEM.

Introduction in Chinese
刘强现为瑞士洛桑联邦理工学院(EPFL)HexHive实验室的博士后研究员,合作导师为Mathias Payer教授。 他于2023年博士毕业于浙江大学,师从周亚金教授。他的研究聚焦于系统安全,致力于从深层理解出发, 在软件发布前后实现有效的安全保障机制,同时围绕真实攻击路径构建和验证可信执行链。 他的多项研究成果已发表在IEEE S&P、USENIX Security、ACM CCS 和 NDSS 等国际顶级安全会议上, 并荣获USENIX Security 2024 和 ACM RAID 2024 最佳论文奖。 同时,他是IEEE/ACM ASE 2025 与 USENIX Security 2025 的程序委员会委员, 并为ACM CSUR 和 ACM TOSEM 等期刊担任审稿人。

CV Google Scholar Email

Achievements#

Ongoing Projects#

Hypervisor Security
With the rapid advancement and widespread adoption of AI, cloud computing is experiencing renewed momentum. At the core of secure cloud infrastructure lies a vulnerability-free hypervisor. Embracing a full-lifecycle security approach, our research focuses on identifying and resolving hypervisor vulnerabilities prior to release, while also developing complementary defenses to mitigate attacks in production environments. To drive deeper insights, we also develop real-world exploits targeting state-of-the-art hypervisors.
AI System Security
The success of AI is fundamentally reshaping the entire computing stack, from hardware to high-level software. As new codebases and specialized hardware emerge to support AI workloads, longstanding security challenges are resurfacing in modern contexts. Our research investigates security issues across multiple layers of AI systems, focusing on compilers, interpreters, operating systems, hypervisors, and heterogeneous hardware such as GPUs.
AI for System Understanding
Modern system software has reached a scale and complexity that surpasses human cognitive limits. No individual can realistically comprehend the full breadth of its specifications, source code, reviews, and development history. This overwhelming volume of information poses serious challenges to effective auditing, debugging, and security analysis. We envision a super model—a fusion of Large Language Models (LLMs) and Knowledge Graphs (KGs)—to bridge the gap between human understanding and large-scale system software. By encoding both structured knowledge (e.g., specifications, test results) and unstructured knowledge (e.g., source code, review discussions, crash reports), this model will provide a unified, intelligent interface for low-level system comprehension. As a collaborative assistant, the super model will help developers and researchers understand system intent, behavior, and evolution, significantly reducing manual effort in navigating, maintaining, and securing complex system software.
Security Shift: from Defense to Resilience
The evolution of computing has progressed through several transformative milestones—from standalone systems to personal computing and the Web 2.0 era, followed by large-scale computing and deep learning, and more recently, the rise of foundation models and AI breakthroughs. As we move into the next era—defined by ubiquitous computing and heterogeneous system architectures—security challenges are becoming more complex and distributed. In this new landscape, computing devices take many forms: personal, enterprise-grade, and embedded systems, all interconnected through a global edge fabric. The scale and diversity of these environments demand a unified software ecosystem and robust, adaptable security frameworks. Crucially, the security paradigm must shift: success is no longer measured solely by the ability to block attacks. Instead, the focus must be on resilience—ensuring rapid recovery, minimizing downtime, and maintaining business continuity after incidents. We propose a thin, scalable, and formally verified minimum recovery system as a foundational layer to meet this challenge, enabling reliable, system-wide restoration in the face of growing threats.

Weekend Projects#

Hacking Culture
We have focused too much on cool technology while neglecting the fun stories, nerdy fonts, and meme creativity that are equally important. It's time to systematically explore and celebrate hacking culture—not just to entertain ourselves but also to inspire and attract more people to join us. Parents can raise children who are independent and creative, teachers can guides students who are collaborative and competitive, and entrepreneurs can engage customers who are eager to buy innovative products. Be classy and be cool!
Academic Family Tree of Computer Science Scholars
Lines of Code on Earth