About

Le Guan

Assistant Professor

School of Computing

The University of Georgia

I am an Assistant Professor of cybersecurity in the School of Computing at the University of Georgia, and a member of the UGA Institute for Cybersecurity and Privacy. Before joining UGA, I was a post-doctoral researcher at Penn State. My research interests cover a wide range of systems security and software security. I am especially interested in leveraging COTS hardware components/features to design and build systems that are more reliable and secure than solutions based on software alone.

Currently, I am actively involved in research focused on advancing the state of the art in firmware analysis. I am grateful for receiving support from the NSF CAREER Award for this project.

Opening: I am looking for self-motivated Ph.D. students. Please send me your CV if interested. Candidates are expected to have a solid background in system programming and operating systems.

Interests

Firmware Analysis
Systems Security
Software Security
IoT Security

Education

PhD in Information Security, 2015

University of Chinese Academy of Sciences
B.S. in Information Security, 2009

University of Science and Technology of China

Selected Publications

Unveiling IoT Security in Reality: A Firmware-Centric Journey

Nicolas Nino, Ruibo Lu, Wei Zhou, Kyu Hyung Lee, Ziming Zhao, Le Guan

33th USENIX Security Symposium (Security '24)

PDF | Source Code
SoK: Where’s the “up”?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems

Xi Tan, Zheyuan Ma, Sandro Pinto, Le Guan, Ning Zhang, Jun Xu, Zhiqiang Lin, Hongxin Hu, Ziming Zhao

2024 USENIX WOOT Conference on Offensive Technologies (WOOT '24)

PDF | Source Code
Facilitating Non-Intrusive In-Vivo Firmware Testing with Stateless Instrumentation

Jiameng Shi, Wenqiang Li, Wenwen Wang, Le Guan

31st Network and Distributed System Security Symposium (NDSS ‘24)

PDF | Source Code

Publications

2024

Unveiling IoT Security in Reality: A Firmware-Centric Journey

Nicolas Nino, Ruibo Lu, Wei Zhou, Kyu Hyung Lee, Ziming Zhao, Le Guan

33th USENIX Security Symposium (Security '24)

PDF | Source Code
SoK: Where’s the “up”?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems

Xi Tan, Zheyuan Ma, Sandro Pinto, Le Guan, Ning Zhang, Jun Xu, Zhiqiang Lin, Hongxin Hu, Ziming Zhao

2024 USENIX WOOT Conference on Offensive Technologies (WOOT '24)

PDF | Source Code
Facilitating Non-Intrusive In-Vivo Firmware Testing with Stateless Instrumentation

Jiameng Shi, Wenqiang Li, Wenwen Wang, Le Guan

31st Network and Distributed System Security Symposium (NDSS ‘24)

PDF | Source Code
InvisiGuard: Data Integrity for Microcontroller-Based Devices via Hardware-Triggered Write Monitoring

Dongliang Fang, Anni Peng, Le Guan, Erik van der Kouwe, Klaus von Gleissenthall, Wenwen Wang, Yuqing Zhang, Limin Sun

IEEE Transactions on Dependable and Secure Computing (TDSC), 2024

PDF | Source Code
Bitmap-Based Security Monitoring for Deeply Embedded Systems

Anni Peng, Dongliang Fang, Le Guan, Erik van der Kouwe, Yin Li, Wenwen Wang, Limin Sun, Yuqing Zhang

ACM Transactions on Software Engineering and Methodology (TOSEM), 2024

PDF | Source Code

2023

Physical Devices-Agnostic Hybrid Fuzzing of IoT Firmware

Lingyun Situ, Chi Zhang, Le Guan, Zhiqiang Zuo, Linzhang Wang, Xuandong Li, Peng Liu, Jin Shi

IEEE Internet of Things Journal

PDF | Source Code
CAUSEC: Cache-based Secure Key Computation with (Mostly) Deprivileged Execution

Shariful Alam, Le Guan, Zeyu Chen, Haining Wang, Jidong Xiao

2023 IEEE 43nd International Conference on Distributed Computing Systems (ICDCS ‘23)

PDF | Source Code
Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis

Kai Cheng, Yaowen Zheng, Tao Liu, Le Guan, Peng Liu, Hong Li, Hongsong Zhu, Kejiang Ye, Limin Sun

2023 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA ‘23)

PDF | Source Code
Understanding MPU Usage in Microcontroller-based Systems in the Wild

Wei Zhou, Zhouqi Jiang, Le Guan

Workshop on Binary Analysis Research (BAR ‘23)

PDF | Source Code

2022

Good Motive but Bad Design: Pitfalls in MPU Usage in Embedded Systems in the Wild

Wei Zhou, Zhouqi Jiang, Le Guan

Black Hat Europe ‘22

PDF | Source Code
What Your Firmware Tells You Is Not How You Should Emulate It: A Speciﬁcation-Guided Approach for Firmware Emulation

Wei Zhou, Lan Zhang, Le Guan, Peng Liu, Yuqing Zhang

2022 ACM Conference on Computer and Communications Security (CCS ‘22)

PDF | Source Code
HARM: Hardware-assisted Continuous Re-randomization for Microcontrollers

Jiameng Shi, Le Guan, Wenqiang Li, Dayou Zhang, Ping Chen, Ning Zhang

2022 IEEE European Symposium on Security and Privacy (EuroS&P 2022)

PDF | Source Code
𝜇AFL: Non-intrusive Feedback-driven Fuzzing for Microcontroller Firmware

Wenqiang Li, Jiameng Shi, and Fengjun Li, Jingqiang Lin, Wei Wang, Le Guan

2022 IEEE/ACM 44rd International Conference on Software Engineering (ICSE ‘22)

PDF | Source Code

2021

ICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by Fuzzing

Dongliang Fang, Zhanwei Song, Le Guan, Puzhuo Liu, Anni Peng, Kai Cheng, Yaowen Zheng, Peng Liu, Hongsong Zhu, Limin Sun

Proceedings of the 37th Annual Computer Security Applications Conference (ACSAC ‘21)

PDF | Source Code
Automatic Firmware Emulation through Invalidity-guided Knowledge Inference

Wei Zhou, Le Guan, Peng Liu, Yuqing Zhang

30th USENIX Security Symposium, (Security ‘21)

PDF | Source Code
From Library Portability to Para-rehosting: Natively Executing Open-source Microcontroller OSs on Commodity Hardware

Wenqiang Li, Le Guan, Jingqiang Lin, Jiameng Shi, Fengjun Li

28th Network and Distributed System Security Symposium, NDSS ‘21

PDF | Source Code
Reviewing IoT Security via Logic Bugs in IoT Platforms and Systems

Wei Zhou, Chen Cao, Dongdong Huo, Kai Cheng, Lan Zhang, Le Guan, Tao Liu, Yan Jia, Yaowen Zheng, Yuqing Zhang, Limin Sun, Yazhe Wang, Peng Liu

IEEE Internet of Things Journal

PDF | Source Code

2020 and earlier

Device-Agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation

Chen Cao, Le Guan, Jiang Ming, Peng Liu

Annual Computer Security Applications Conference (ACSAC ‘20)

PDF | Source Code
Cyber-Physical Security of Powertrain Systems in Modern Electric Vehicles: Vulnerabilities, Challenges and Future Visions

Jin Ye, Lulu Guo, Bowen Yang, Fangyu Li, Liang Du, Le Guan, Wenzhan Song

IEEE Journal of Emerging and Selected Topics in Power Electronics

PDF | Source Code
Systematic Assessment of Cyber-physical Security of Energy Management System for Connected and Automated Electric Vehicles

Lulu Guo, Bowen Yang, Jin Ye, Hong Chen, Fangyu Li, Wenzhan Song, Liang Du, Le Guan

IEEE Transactions on Industrial Informatics

PDF | Source Code
TF-BIV: Transparent and Fine-grained Binary Integrity Verification in the Cloud

Fangjie Jiang, Quanwei Cai, Jingqiang Lin, Bo Luo, Le Guan, Ziqiang Ma

Proceedings of the 35rd Annual Computer Security Applications Conference (ACSAC ’19)

PDF | Source Code
Secure Cryptography Infrastructures in the Clouds

Dawei Chu, Kaijie Zhu, Quanwei Cai, Jingqiang Lin, Fengjun Li, Le Guan, Lingchen Zhang

2019 IEEE Global Communications Conference, GLOBECOM’19

PDF | Source Code
Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms

Wei Zhou, Yan Jia, Yao Yao, Lipeng Zhu, Le Guan, Yuhang Mao, Peng Liu, Yuqing Zhang

28th USENIX Security Symposium, Security’19

PDF | Source Code
Mimosa: Protecting Private Keys against Memory Disclosure Attacks using Hardware Transactional Memory

Congwu Li, Le Guan, Jingqiang Lin, Bo Luo, Quanwei Cai, Jiwu Jing, Jing Wang

IEEE Transactions on Dependable and Secure Computing

PDF | Source Code
Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption

Le Guan, Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, Bo Luo

12th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec’19

PDF | Source Code
Copker: A Cryptographic Engine Against Cold-Boot Attacks

Le Guan, Jingqiang Lin, Ziqiang Ma, Bo Luo, Luning Xia, Jiwu Jing

IEEE Transactions on Dependable and Secure Computing

PDF | Source Code
Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM

Le Guan, Chen Cao, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Jaeger

IEEE Transactions on Dependable and Secure Computing

PDF | Source Code
VaultIME: Regaining User Control for Password Managers through Auto-correction

Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags, Peng Liu

EAI Endorsed Transactions on Security and Safety

PDF | Source Code
CryptMe: Data Leakage Prevention for Unmodified Programs on ARM Devices

Chen Cao, Le Guan, Ning Zhang, Neng Gao, Jingqiang Lin, Bo Luo, Peng Liu, Ji Xiang, Wenjing Lou

Research in Attacks, Intrusions, and Defenses (RAID '18)

PDF | Source Code
Enforcing Access Controls for the Cryptographic Cloud Service Invocation Based on Virtual Machine Introspection

Fangjie Jiang, Quanwei Cai, Le Guan, Jingqiang Lin

Information Security

PDF | Source Code
Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices

Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing, Luning Xia

Proceedings of the 33rd Annual Computer Security Applications Conference, ACSAC’17

PDF | Source Code
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone

Le Guan, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Jaeger

Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys’17

PDF | Source Code
VCIDS: Collaborative Intrusion Detection of Sensor and Actuator Attacks on Connected Vehicles

Pinyao Guo, Hunmin Kim, Le Guan, Minghui Zhu, Peng Liu

Security and Privacy in Communication Networks: 13th International Conference, SecureComm '17

PDF | Source Code
VaultIME: Regaining User Control For Password Managers through Auto-correction

Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags, Peng Liu

Security and Privacy in Communication Networks: 13th International Conference, SecureComm '17

PDF | Source Code
Secure Computing Using Registers and Caches: The Problem, Challenges, and Solutions

Jingqiang Lin, Bo Luo, Le Guan, Jiwu Jing

IEEE Security Privacy

PDF | Source Code
From Physical to Cyber: Escalating Protection for Personalized Auto Insurance

Le Guan, Jun Xu, Shuai Wang, Xinyu Xing, Lin Lin, Heqing Huang, Peng Liu, Wenke Lee

Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems, SenSys '16

PDF | Source Code
Protecting private keys against memory disclosure attacks using hardware transactional memory

Le Guan, Jingqiang Lin, Bo Luo, Jiwu Jing, Jing Wang

2015 IEEE Symposium on Security and Privacy, Oakland '15

PDF | Source Code
Copker: Computing with Private Keys without RAM

Le Guan, Jingqiang Lin, Bo Luo, Jiwu Jing

21st Annual Network and Distributed System Security Symposium, NDSS '14

PDF | Source Code