教师名录

罗昌华

邮          箱:

职          称:

办公室地址:

实验室地址:

个人简介

罗昌华,武汉大学武汉数学与智能研究院研究员、博士生导师,主要从事程序分析、软件安全与Web安全领域的研究工作。在S&PCCSNDSSICSE等国际顶级学术会议上发表多篇一作或通讯论文。研究成果包括在关键基础设施(如OpenSSL、谷歌/苹果/火狐浏览器、Symfony框架)中发现并推动修复上百个高危漏洞,相关工作多次获得谷歌、苹果等公司的公开致谢与漏洞赏金。博士期间,作为第一作者的论文获得ACM CCS '22最佳论文提名奖。详情请浏览主页https://chluo1997.github.io/

实验室长期招收博士、硕士研究生,欢迎本校大二、大三及保研同学提前加入课题组,参与大学生创新创业训练计划及其他科研竞赛项目。


研究方向

漏洞检测:发现软件中的各种安全问题,包括内存安全、注入型漏洞、逻辑漏洞和性能漏洞等。

漏洞分析:评估漏洞的严重性与潜在风险,如漏洞利用、漏洞溯源等

漏洞修复:结合大模型与程序分析技术,开发自动化的漏洞修复方法等。


教育背景

武汉大学,信息安全、本科

香港中文大学,计算机科学与工程,博士


工作经验

2024/07-2024/12: 香港大学:博后

2025/02-至今:武汉大学:研究员


教授课程

发表论文

[1] Chenlin Wang, Wei Meng, Changhua Luo, and Penghui Li. Predator: Directed Web Application Fuzzing for Efficient Vulnerability Validation.

The 46th IEEE Symposium on Security and Privacy (Oakland), May 2025.

[2] Jiayi Lin, Qingyu Zhang, Junzhe Li, Chenxin Sun, Hao Zhou, Changhua Luo*, and Chenxiong Qian*. Automatic Library Fuzzing through API Relation Evolvement.

In Proceedings of The 32nd Annual Network and Distributed System Security Symposium (NDSS), Feb 2025.

[3] Changhua Luo, Penghui Li, Wei Meng, Chao Zhang. Test Suites Guided Vulnerability Validation for Node.js Applications. In Proceedings of The 31st ACM Conference on Computer and Communications Security (CCS), Oct 2024.

[4] Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, Changhua Luo. Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis. In Proceedings of The 45th IEEE Symposium on Security and Privacy (Oakland), May 2024.

[5] Changhua Luo, Wei Meng, Shuai Wang. Strengthening Supply Chain Security with Fine-grained Safe Patch Identification. In Proceedings of 46th International Conference on Software Engineering (ICSE), research track, April 2024.

[6] Changhua Luo, Wei Meng, Penghui Li. SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration. In Proceedings of The 44th IEEE Symposium on Security and Privacy (Oakland), May 2023.

[7] Changhua Luo, Penghui Li, Wei Meng. TChecker: Precise Static Inter-Procedural Analysis for Detecting Taint-Style Vulnerabilities in PHP Applications. In Proceedings of The 29th ACM Conference on Computer and Communications Security (CCS), Nov 2022. ACM CCS 2022 Best Paper Honorable Mention

[8] Penghui Li, Wei Meng, Kangjie Lu, Changhua Luo. On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution. In Proceedings of the 30th Web Conference (WWW), security track, Feb 2021.



课题科研

研究团队

获奖信息