Dongchen Xie | Kernel Security Researcher

Dongchen Xie

$ cat about.txt

$ cat contact.txt

Email / CV / Github

$ cat skills.dat

Skills

C / C++

Linux Kernel

Vulnerability Exploitation

Fuzzing

Python

QEMU / Virtualization

Reverse Engineering

SDN / Networking

$ git log --oneline career.log

Timeline

[2023-09 ~ now] M.S. @ Renmin University of China - Kernel Security Research

[2019-09 ~ 2023-06] B.E. @ UESTC - GPA 3.96/4.00

[2025] Published @ IEEE S&P - BridgeRouter

[2024] Published @ ACM ISSTA - DueForce

[2022] Contributed to Tencent OpenCloudOS - lkp-extent

[2021] Huawei Open Source - iSula Network Emulator

$ ls research/

Research

I'm interested in kernel security. My research is about linux kernel vulnerability exploitation.

BridgeRouter: Automated Capability Upgrading of Out-Of-Bounds Write Vulnerabilities to Arbitrary Memory Write Primitives in the Linux Kernel
Dongchen Xie, Dongnan He, Wei You, et al.
IEEE S&P, 2025

In this paper, we propose a practical approach that enables arbitrary memory writes from kernel OOB vulnerabilities with limited capabilities. Our method leverages two special kinds of kernel objects to upgrade the capability from an uncontrolled overwrite to a controlled overwrite, ultimately achieving arbitrary memory write.

Define-Use Guided Path Exploration for Better ForcedExecution
Dongnan He, Dongchen Xie, Yujie Wang, et al.
ACM ISSTA, 2024

In this paper, we propose a novel and practical path exploration strategy that focuses on the coverage of define-use relations in the subject binary. We develop a fuzzing approach for exploring these define-use relations in a progressive and self-supervised way.

$ cat exploit_snippet.c

Code Showcase

kernel_oob_exploit.c

/* Capability upgrade: OOB write -> Arbitrary write */
static int trigger_oob_write(int fd, size_t offset) {
    struct bridge_obj *obj;
    void *spray_buf;

    /* Step 1: Spray vulnerable slab cache */
    spray_buf = heap_spray(KMALLOC_256, NUM_SPRAY);

    /* Step 2: Trigger OOB via ioctl */
    ioctl(fd, VULN_IOCTL, &overflow_data);

    /* Step 3: Upgrade to arbitrary write */
    obj = find_bridge_object(spray_buf);
    obj->write_target = (void *)MODPROBE_PATH;
    trigger_controlled_write(obj, payload, sizeof(payload));

    return 0;
}

$ ls projects/

Miscellanea

	Design for Extending iSula with a Software-Defined Network Emulator Dongchen Xie, Beichuan Zhang, Jinhao Zhang Huawei Open Source Software Supply Chain, 2021 We design a virtual network emulator based on iSula containers, achieving unified management of virtual node clusters with the ONOS controller.
	SDN Campus Network Intrusion Detection and Defense System Dongchen Xie, Beichuan Zhang C4-Network Technology Challenge, 2021 We utilize the lower-layer P4 and upper-layer deep learning for detecting incoming traffic, intercepting more than 94% of malicious traffic.
	lkp-extent Dongchen Xie, Dengzhi Wu Tencent OpenCloudOS, 2022 We add stress-related testing of Intel's open-source project LKP in a container environment to enhance the RAS features of the Linux system.

Feel free to steal this website's source code.