I am an Offensive Security Researcher at Intel. My research interests are in design automation and functional and security verification of computer systems. My passion is empowering designers with methodologies and frameworks to ensure systems' correctness and security guarantees by leveraging formal modeling and automated verification techniques. Before joining Intel, I received my B.S. from National Taiwan University and my M.A. and Ph.D. from Princeton University.
Contact: bo-yuan.huang (at) intel (dot) com
(2021 - present)
Offensive Security Researcher, Security Research
(2015 - 2021)
Research Assistant, Electrical and Computer Engineering
(Summer 2018 & Summer 2019)
Research Intern, New Security Ventures & Research in Software Engineer
Research Intern, Research in Software Engineer
(Summer 2016 & Summer 2017)
Security Research Intern, Security Center of Excellence
Technical Intern, Security Center of Excellence
Coast Guard Administration
(2014 - 2015)
Taiwan Semiconductor Manufacturing Company
Software Engineer Intern, Advanced Process Transferring Group
National Taiwan University
(2010 - 2014)
Undergraduate Research Assistant, Applied Logic and Computation Lab
Undergraduate Research Assistant, Wireless and Mobile Networking Lab
(Intel, Synopsys, Texas AMU, and TU Darmstadt)
The HACK@EVENT franchise is a first-of-its-kind hardware security contest held in conjunction with top security and system venues such as USENIX Security, DAC, and CHES. The goal is to foster a broader security mindset and develop the next generation of hardware security experts through boosting community open-sourcing and facilitating research in automatic tools and verification techniques.
(Stanford University and Princeton University)
The UPSCALE project is funded within the DARPA Posh Open Source Hardware (POSH) program. The goal is to develop open-source tools and techniques for verifying and evaluating heterogeneous hardware computing systems. It uses different levels of abstraction—instruction-level interfaces for processors and accelerators, circuit-level models for analog/mixed-signal components, and RTL FSM for other digital modules.
(Princeton University, U. of Washington, and Harvard University)
The 3LA project is funded by the Applications Driving Architectures Center (ADA). The goal is to develop a "plug-and-play" ecosystem for software and hardware development in heterogeneous computer systems. Specifically, we developed an end-to-end verification/validation framework for accelerators and a DSL compiling flow to provide platform portability and allow optimization via standard compiler flows.
OneFuzz is a cross-platform open-source fuzzing framework by Microsoft. The goal is to enable continuous developer-driven fuzzing to harden software security proactively. Among its ventures, RESTler is the first stateful REST API fuzzer that efficiently find security and reliability bugs in cloud services.
Security Risk Detection
The Microsoft Security Risk Detection Service (MSRD) is the first “fuzzing-as-a-service” offering, providing users with a premium software testing experience, searching for vulnerabilities in native code with the power of MSR‘s Scalable Automated Guided Execution (SAGE) tool.
The Instruction-Level Abstraction (ILA) provides a software/hardware interface that generalizes the notion of ISAs to accelerators. This project investigates the uses of ILA in modeling, verification, and the automation of software and hardware in heterogeneous computing systems, such as firmware verification, memory-consistency reasoning, protocol verification, and equivalence/refinement checking of RTL implementation.