李松

李松

浙江大学百人计划研究员
计算机科学与技术学院
网络空间安全学院
浙江大学

个人简介

李松,浙江大学百人计划研究员,博导。国家重点研发计划项目首席科学家,入选中国科协青年人才托举工程。博士毕业于美国约翰斯霍普金斯大学计算机科学学院。主要研究方向为程序分析、漏洞挖掘、应用安全等。在安全领域四大顶会(CCS、USENIX Security、NDSS,IEEE S&P),软件领域顶会ESEC/FSE等会议发表均有论文发表。担任安全领域四大顶会IEEE S&P、USENIX Security、ACM CCS等国际顶尖学术会议的学术委员会委员。主持国家基金委青年项目以及来自华为、阿里的多项项目。主持开发ODGen等漏洞挖掘平台,共挖掘零日漏洞400余个,获得IEEE S&P 2025年度、ACM CCS 2023年度杰出论文奖等奖项。

教育背景

计算机科学博士,2018年8月 - 2022年2月
导师: Dr. Yinzhi Cao
约翰霍普金斯大学
计算机科学与工程硕士,2015年8月 - 2017年5月
里海大学
软件工程学士,2011年8月 - 2015年5月
北京理工大学

论文

  • [IEEE S&P '26] Practical Covert Channel across Isolated Browser Instances via GPU Command Queue Contention
    Junhong Liu, Zifeng Kang, Song Li*, Yinzhi Cao
    to appear in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2026.
    [paper]
  • [ISSRE '25] ISGraphVD: Precise Vulnerability Detection for IoT Supply Chains Based on Identifier Sensitive Graph
    Yingli Zhang, Xin Liu*, Ziang Liu, Song Li*, Nan Li, Weina Niu, Rui Zhou, Qingguo Zhou*
    in the Proceedings of the The lEEE International Symposium on Software Reliability Engineering 2025
    [paper]
  • [MM '25] SiFMimicEvader: Evading Fake Voice Detection with Adversarial Neural Mimicry Attacks
    Xuan Hai, Xin Liu, Zihao Zhang, Ziyao Yu, Kong Xiangzhen, Song Li, Weina Niu, Rui Zhou, Qingguo Zhou
    in the Proceedings of the ACM Multimedia, 2025.
    [paper]
  • [ICSME '25] LLM-SZZ: Novel Vulnerability Affected Range Identification Driven by Large Language Model and CVE Description
    Siqi Fan, Xin Liu, Yingli Zhang, Yuan Tan, Luxing Yin, Zhaorun Chen, Song Li, Lei Qiao and Rui Zhou
    in the Proceedings of the International Conference on Software Maintenance and Evolution, 2025.
    [paper]
  • [TIFS] BPFDex: Enabling Robust Android Apps Unpacking via Android Kernel
    Mingyang Li, Weina Niu, Jiacheng Gong, Song Li, Mingxue Zhang, Xiaosong Zhang
    IEEE Transactions on Information Forensics and Security
    [paper]
  • [TheWebConf(WWW) '25] SigScope: Detecting and Understanding Off-Chain Message Signing-related Vulnerabilities in Decentralized Applications
    Sajad Meisami, Hugo Dabadie, Song Li, Yuzhe Tang, Yue Duan
    in the Proceedings of the The Web Conference (WWW), 2025.
    [paper]
  • [IEEE S&P '25] Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites
    Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, Yinzhi Cao
    Distinguished Paper Award
    in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2025.
    [paper]
  • [TIFS] Sensitive Behavioral Chain-focused Android Malware Detection Fused with AST Semantics
    Jiacheng Gong, Weina Niu, Song Li, Mingxue Zhang, Xiaosong Zhang
    IEEE Transactions on Information Forensics and Security
  • [TIFS] GraphTunnel: Robust DNS Tunnel Detection Based on DNS Recursive Resolution Graph
    Guangyuan Gao, Weina Niu, Jiacheng Gong, Dujuan Gu, Song Li, Mingxue Zhang, Xiaosong Zhang
    IEEE Transactions on Information Forensics and Security
  • [SoCC' 24] SQLStateGuard: Statement-Level SQL Injection Defense Based on Learning-Driven Middleware
    Xin Liu, Yuanyuan Huang, Tianyi Wang, Song Li*, Weina Niu, Jun Shen, Qingguo Zhou*, Xiaokang Zhou
    in the Proceedings of the The 15th ACM Symposium on Cloud Computing (SoCC), 2024
    [paper]
  • [MM '24] What's the Real: A Novel Design Philosophy for Robust AI-Synthesized Voice Detection
    Xuan Hai, Xin Liu*, Yuan Tan, Gang Liu*, Song Li*, Weina Niu, Rui Zhou, Xiaokang Zhou
    in the Proceedings of the ACM Multimedia 2024
    [paper]
  • [ISSRE '24] LiScopeLens: An Open-Source License Incompatibility Analysis Tool Based on Scope Representation of License Terms
    Ziang Liu, Xin Liu, Yingli Zhang, Zihao Zhang, Song Li,Weina Niu, Qingguo Zhou, Rui Zhou and Xiaokang Zhou
    Best Paper Runner-up Award
    in the Proceedings of the The lEEE International Symposium on Software Reliability Engineering 2024
    [paper]
  • [TST] Bridging the Compliance Gap: Effective and Efficient Detection of Non-Compliant Behaviors in Android Applications
    Runqi Fan, Fan Wu, Zifeng Kang, Peng Hu, Weiting Chen, Song Li*
    Tsinghua Science And Technology
    [paper]
  • [ICME '24] Ghost-in-Wave: How Speaker-Irrelative Features Interfere DeepFake Voice Detectors
    Xuan Hai, Xin Liu, Zhaorun Chen, Yuan Tan, Song Li, Weina Niu, Gang Liu, Rui Zhou, QINGGUO ZHOU
    in the Proceedings of the IEEE Conference on Multimedia Expo 2024
    [paper]
  • [CCS '23] CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
    Jianjia Yu, Song Li, Junmin Zhu, and Yinzhi Cao,
    Distinguished Paper Award
    in the Proceedings of The ACM Conference on Computer and Communications Security (CCS), 2023
    [paper]
  • [IEEE S&P '23] Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability
    Mingqing Kang, Yichao Xu, Song Li, Rigel Gjomemo, Jianwei Hou, V.N. Venkatakrishnan, and Yinzhi Cao
    in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2023.
    [paper]
    The research results in 21 CVEs, e.g., CVE-2023-25805.
  • [USENIX Security '22]Mining Node.js Vulnerabilities via Object Dependence Graph and Query
    Song Li, Mingqing Kang, Jianwei Hou, Yinzhi Cao
    in the Proceedings of the 31th USENIX Security Symposium, 2022
    [paper] [source code]
    The artifact is evaluated and the results are reproduced by the USENIX AE committee.
    Badges: Artifacts Available, Artifacts Functional, Results Reproduced
    The research results in 70 CVEs, e.g., CVE-2019-10777 in aws-lambda and CVE-2020-7625 in op-browser.
  • [NDSS '22]Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websites
    Zifeng Kang, Song Li, Yinzhi Cao
    in the Proceedings of Network & Distributed System Security Symposium (NDSS), 2022
    [paper] [source code]
    The research results in 2,738 real-world websites, including ten among the top 1,000 Tranco websites, which are vulnerable to 2,917 zero-day, exploitable prototype pollution vulnerabilities. 48 vulnerabilities further lead to XSS, 736 to cookie manipulations, and 830 to URL manipulations. A detailed list of vulnerable websites(excluding some websites that cannot be reached or are still in the process of vulnerability patching) is here.
  • [AsiaCCS '22] GraphTrack: A Graph-based Cross-Device Tracking Framework
    Binghui Wang, Tianchen Zhou, Song Li, Yinzhi Cao, and Neil Gong
    in the Proceedings of ACM Asia Conference on Computer and Communications Security, 2022.
  • [ESEC/FSE '21]Detecting Node.js Prototype Pollution Vulnerabilities via Object Lookup Analysis
    Song Li, Mingqing Kang, Jianwei Hou, Yinzhi Cao
    in the Proceeding of the ACM Joint European Software Engineering Conference and Symposium on-the Foundations of Software Engineering (ESEC/FSE), 2021
    [paper] [DOI] [source code]
    The research results in 11 CVEs, e.g., CVE-2019-10795 in undefsafe (>5M weekly downloads) and CVE-2020-7643 in paypal-adaptive.
  • [IMC '20]Who Touched My Fingerprint? A Large-scale Measurement Study and Classification of Fingerprint Dynamics
    Song Li, Yinzhi Cao
    in the Proceeding of the Internet Measurement Conference (IMC), 2020
    [paper] [DOI/video]
  • [USENIX Security '19]Rendered Private: Making GLSL Execution Uniform to Prevent WebGL-based Browser Fingerprinting
    Shujiang Wu, Song Li and Yinzhi Cao, Ningfei Wang
    in the Proceeding of the 28th USENIX Security Symposium, 2019
    [paper]
  • [CCS '17]Deterministic Browser
    Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu
    in the Proceeding of ACM Conference on Computer and Communications Security (CCS), 2017
    [paper]
  • [NDSS '17](Cross-)Browser Fingerprinting via OS and Hardware Level Features
    Yinzhi Cao, Song Li* and Erik Wijmans
    (* First student author)
    in the Proceeding of the Annual Network & Distributed System Security Symposium (NDSS), 2017
    [paper] [video] [source code]
    The research is featured by many media outlets, such as
    BeepingComputer, ZDNet, Top Tech News, EurekAlert, Ars Technica, Fossbytes, Sci-Tech Today, The Hackers News,
    The Register, I Programmer, Digital Journal and IEEE Spectrum

主持项目

  • 国家重点研发计划项目: 面向可信的混源软件成分分析关键技术合作研究,项目负责人,2025-2028
  • X重大项目: 面向XX的XX项目,项目负责人
  • 国家自然科学基金青年科学基金项目: 端云协同的高精度安卓APP行为检测与监控系统,项目负责人,2024-2027
  • 华为横向项目: AI辅助移动应用隐私安全验证技术,2025-2026
  • 蚂蚁横向项目: 安全关键路径分析,2025-2026
  • 华为横向项目: 基于图的应用行为检测技术,2023-2024
  • 蚂蚁横向项目: APP业务安全的自动建模测试框架,2023-2024
  • 蚂蚁横向项目: 统一化的多层中间表示,2023-2024

    • 程序委员会委员

  • ACM CCS: ACM CCS '25
  • IEEE S&P: IEEE S&P '25, '26
  • USENIX Security: USENIX Security '24, '25,'26
  • TheWebConf: TheWebConf '23
  • ACM MM: ACM Multimedia '25'

    • 期刊审稿人

  • IEEE Transactions on Information Forensics and Security (TIFS)
  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • ACM Computing Surveys
  • Empirical Software Engineering

    • 研究团队

    博士生

  • 刘晋宏: 浙江大学, 09/2022-至今
  • 范润琦: 浙江大学, 09/2023-至今
  • 吴凡: 浙江大学, 09/2023-至今
  • 曹伟思: 浙江大学, 09/2023-至今
  • 丁彦文: 浙江大学, 09/2025-至今

    • 硕士生

  • 史修文: 浙江大学, 09/2023-至今
  • 黄达: 浙江大学, 09/2023-至今
  • 倪旻: 浙江大学, 09/2024-至今
  • 姚霁峰: 浙江大学, 09/2024-至今
  • 王啸天: 浙江大学, 09/2024-至今
  • 骆奕炜: 浙江大学, 09/2025-至今
  • 谭乔峰: 浙江大学, 09/2025-至今