Changhua Luo

Changhua Luo

Postdoctoral Researcher

HKU

I am a postdoctoral researcher at the Software Security and System Lab at the University of Hong Kong, working under the guidance of Prof. Chenxiong Qian. I received my Ph.D. degree from the Chinese University of Hong Kong, where I was supervised by Prof. Wei Meng, and received my B.Eng. from Wuhan University.

My research interests primarily include program analysis, software security, and web security. Recently, I have mainly worked on developing techniques for automatically detecting and patching vulnerabilities in software (C/C++ and Web applications).

I will join the Institute for Math & AI at Wuhan University as a tenure-track assistant professor in January 2025. I am looking for self-motivated Ph.D. and master students. If you are interested, feel free to contact me.

Interests
  • Program Analysis
  • Software Security
  • Web Security
Education
  • Ph.D. in Computer Science and Engineering, 2024

    The Chinese University of Hong Kong

  • B.Eng. in Information Security, 2019

    Wuhan University

News

  • <2024-09> One paper accepted to Oakland 2025.
  • <2024-08> One paper accepted to CCS 2024.
  • <2024-07-16 Tue> I joined HKU as a postdoctoral researcher.
  • <2024-05-14 Tue> I passed my Ph.D. defense at CUHK.

Publications

  • Predator: Efficient Dynamic Validation for Web Application Vulnerabilities.

    Chenlin Wang, Wei Meng, Changhua Luo, and Penghui Li.

    To appear in Proceedings of The 46th IEEE Symposium on Security and Privacy (Oakland), May 2025.

  • Test Suites Guided Vulnerability Validation for Node.js Applications. [PDF][code]

    Changhua Luo, Penghui Li, Wei Meng, Chao Zhang.

    To appear in Proceedings of The 31st ACM Conference on Computer and Communications Security (CCS), Oct 2024.

  • Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis. [PDF][code]

    Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, Changhua Luo.

    In Proceedings of The 45th IEEE Symposium on Security and Privacy (Oakland), May 2024.

  • Strengthening Supply Chain Security with Fine-grained Safe Patch Identification. [PDF][code]

    Changhua Luo, Wei Meng, Shuai Wang.

    In Proceedings of 46th International Conference on Software Engineering (ICSE) (research track), April 2024.

  • SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration. [PDF][code]

    Changhua Luo, Wei Meng, Penghui Li.

    In Proceedings of The 44th IEEE Symposium on Security and Privacy (Oakland), May 2023.

  • TChecker: Precise Static Inter-Procedural Analysis for Detecting Taint-Style Vulnerabilities in PHP Applications. [PDF][code]

    Changhua Luo, Penghui Li, Wei Meng.

    In Proceedings of The 29th ACM Conference on Computer and Communications Security (CCS), Nov 2022.

    ★ ACM CCS 2022 Best Paper Honorable Mention, 20/971=2.06%.

  • On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution. [PDF][code]

    Penghui Li, Wei Meng, Kangjie Lu, Changhua Luo.

    In Proceedings of the 30th Web Conference (WWW), Feb 2021.

Services

Technical Program Committee

  • IEEE International Conference on Parallel and Distributed Systems (ICPADS), 2024

External Reviewer

  • IEEE Symposium on Security and Privacy (Oakland), 2023, 2024
  • The ACM Conference on Computer and Communications Security (CCS), 2021, 2022, 2023, 2024
  • The Web Conference (WWW), 2020, 2021, 2022, 2024
  • The ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2021, 2022