2025

Semantics-Guided Black-Box Fuzzing for Microarchitectural Vulnerabilities in Processors
Semantics-Guided Black-Box Fuzzing for Microarchitectural Vulnerabilities in Processors

Zhenyu Lei, Advised by Prof. Fei Tong

Hardware Fuzzing Master Thesis ResearchMar 2025 - Present

Delivering Core Contributions: 1) a Semantics-Guided Fuzzing Strategy for efficient instruction exploration; 2) a novel Coverage Feedback Mechanism established by dynamically maintaining Side-Channel Attack Templates; and 3) ModelChecking Techniques for Vulnerability Localization.

Semantics-Guided Black-Box Fuzzing for Microarchitectural Vulnerabilities in Processors

Zhenyu Lei, Advised by Prof. Fei Tong

Hardware Fuzzing Master Thesis ResearchMar 2025 - Present

Delivering Core Contributions: 1) a Semantics-Guided Fuzzing Strategy for efficient instruction exploration; 2) a novel Coverage Feedback Mechanism established by dynamically maintaining Side-Channel Attack Templates; and 3) ModelChecking Techniques for Vulnerability Localization.

Security Attack Modeling for Processor Microarchitectures
Security Attack Modeling for Processor Microarchitectures

Zhenyu Lei

Hardware Fuzzing Funded by the Cyber Security Association of China (¥60,000)Jun 2025 - Present

Delivering Core Contributions: 1) a SoK on Microarchitectural Vulnerabilities; 2) a Systematic Modeling Report defining standard attack primitives; and 3) a Portable Benchmark Suite for cross-platform security validation.

Security Attack Modeling for Processor Microarchitectures

Zhenyu Lei

Hardware Fuzzing Funded by the Cyber Security Association of China (¥60,000)Jun 2025 - Present

Delivering Core Contributions: 1) a SoK on Microarchitectural Vulnerabilities; 2) a Systematic Modeling Report defining standard attack primitives; and 3) a Portable Benchmark Suite for cross-platform security validation.

High-Performance Register File Design
High-Performance Register File Design

Zhe Zhou, Zhenyu Lei, Xiaoyu Cheng, Advised by Prof. Fei Tong

High-Performance Systems 2nd Prize (Cadence Track), China Postgraudate IC Innovation CompetitionApr 2025 - Jul 2025

1) Designed a parallel register file (15W5R, 256×32 bit) with dual-cycle read and single-cycle write timing, implementing address pre-decoding and parallelized priority encoding strategies to reduce arbitration complexity for shortening the critical path.
2) Established an automated verification pipeline to ensure RTL and gate-level consistency through cycle-accurate comparisons against reference models.
3) Applied timing-driven optimizations (e.g., retiming and min-delay constraints) using Cadence Genus and Innovus to achieve timing closure at 300 MHz operating frequency.
4) Conducted dynamic and static power analysis using Cadence Joules with SDF back-annotation and switching activity waveforms.

High-Performance Register File Design

Zhe Zhou, Zhenyu Lei, Xiaoyu Cheng, Advised by Prof. Fei Tong

High-Performance Systems 2nd Prize (Cadence Track), China Postgraudate IC Innovation CompetitionApr 2025 - Jul 2025

1) Designed a parallel register file (15W5R, 256×32 bit) with dual-cycle read and single-cycle write timing, implementing address pre-decoding and parallelized priority encoding strategies to reduce arbitration complexity for shortening the critical path.
2) Established an automated verification pipeline to ensure RTL and gate-level consistency through cycle-accurate comparisons against reference models.
3) Applied timing-driven optimizations (e.g., retiming and min-delay constraints) using Cadence Genus and Innovus to achieve timing closure at 300 MHz operating frequency.
4) Conducted dynamic and static power analysis using Cadence Joules with SDF back-annotation and switching activity waveforms.

2023

Aware+Fuzz: A Cache Side-Channel Mitigation Architecture for RISC-V Processors
Aware+Fuzz: A Cache Side-Channel Mitigation Architecture for RISC-V Processors

Zhenyu Lei, Minye Song, Ziyu Zhai, Advised by Prof. Fei Tong

Microarchitectural Attacks 3rd Prize, National College Student Information Security ContestApr 2023 – Aug 2023

1) Led a team to design and implement Aware+Fuzz, a novel two-module architecture for mitigating cache side-channel attacks on RISC-V processors. Aware+Fuzz consists of an Aware Attack Module (AAM) and a Fuzz Observation Module (FOM).
2) Validated on RISC-V hardware and gem5, demonstrating robust defense against Spectre attacks with negligible overhead (<1% on SPEC CPU 2017) and seamless hardware compatibility.

Aware+Fuzz: A Cache Side-Channel Mitigation Architecture for RISC-V Processors

Zhenyu Lei, Minye Song, Ziyu Zhai, Advised by Prof. Fei Tong

Microarchitectural Attacks 3rd Prize, National College Student Information Security ContestApr 2023 – Aug 2023

1) Led a team to design and implement Aware+Fuzz, a novel two-module architecture for mitigating cache side-channel attacks on RISC-V processors. Aware+Fuzz consists of an Aware Attack Module (AAM) and a Fuzz Observation Module (FOM).
2) Validated on RISC-V hardware and gem5, demonstrating robust defense against Spectre attacks with negligible overhead (<1% on SPEC CPU 2017) and seamless hardware compatibility.

Spectre Attack Mitigation on RISC-V Processors
Spectre Attack Mitigation on RISC-V Processors

Zhenyu Lei, Advised by Prof. Fei Tong

Microarchitectural Attacks Outstanding Undergraduate Thesis, Southeast UniversityDec 2022 – Jun 2023

1) Reproduced Spectre v1 attacks on RISC-V processors and systematically analyze microarchitectural side-channel vulnerabilities.
2) Introduced Flush Key Load (FKL), a novel detection metric for identifying abnormal cache access patterns indicating Spectre-like behavior; validated its effectiveness on gem5 and Chipyard.
3) Designed a dual-layer defense strategy which uses FKL to trigger coordinated hardware-software mitigation; benchmark results demonstrated the strategy’s robust resistance to Spectre v1 attacks with only ~2% performance overhead.

Spectre Attack Mitigation on RISC-V Processors

Zhenyu Lei, Advised by Prof. Fei Tong

Microarchitectural Attacks Outstanding Undergraduate Thesis, Southeast UniversityDec 2022 – Jun 2023

1) Reproduced Spectre v1 attacks on RISC-V processors and systematically analyze microarchitectural side-channel vulnerabilities.
2) Introduced Flush Key Load (FKL), a novel detection metric for identifying abnormal cache access patterns indicating Spectre-like behavior; validated its effectiveness on gem5 and Chipyard.
3) Designed a dual-layer defense strategy which uses FKL to trigger coordinated hardware-software mitigation; benchmark results demonstrated the strategy’s robust resistance to Spectre v1 attacks with only ~2% performance overhead.

Design and Implementation of an In-order, Five-stage Pipelined RISC-V Processor
Design and Implementation of an In-order, Five-stage Pipelined RISC-V Processor

Zhenyu Lei

High-Performance Systems Independent Project, Institute of Computing Technology, Chinese Academy of SciencesSep 2022 – Jun 2023

1) Designed and implemented a tape-out ready RISC-V SoC, key modules including Instruction Decode Unit (IDU), Arithmetic Logic Unit (ALU), data/instruction memory, General Purpose Registers (GPRs), and Control and Status Registers (CSRs).
2) Optimized module interfaces and pipeline control logic to ensure full 5-stage in-order pipeline functionality (IF, ID, EX, MEM, WB), supporting precise exception handling and instruction flow consistency.
3) Built a verification platform integrating an interactive debugger and DiffTest with NEMU to ensure cycle-level correctness, validating system robustness by successfully booting complex workloads like Super Mario Bros at 24 FPS.

Design and Implementation of an In-order, Five-stage Pipelined RISC-V Processor

Zhenyu Lei

High-Performance Systems Independent Project, Institute of Computing Technology, Chinese Academy of SciencesSep 2022 – Jun 2023

1) Designed and implemented a tape-out ready RISC-V SoC, key modules including Instruction Decode Unit (IDU), Arithmetic Logic Unit (ALU), data/instruction memory, General Purpose Registers (GPRs), and Control and Status Registers (CSRs).
2) Optimized module interfaces and pipeline control logic to ensure full 5-stage in-order pipeline functionality (IF, ID, EX, MEM, WB), supporting precise exception handling and instruction flow consistency.
3) Built a verification platform integrating an interactive debugger and DiffTest with NEMU to ensure cycle-level correctness, validating system robustness by successfully booting complex workloads like Super Mario Bros at 24 FPS.

Privacy-Preserving Cross-System Voiceprint Recognition and Protection
Privacy-Preserving Cross-System Voiceprint Recognition and Protection

Zhenyu Lei, Advised by Prof. Ben Niu

High-Performance Systems Funded by Institute of Information Engineering, Chinese Academy of Sciences (¥12,000)Aug 2022 - Jun 2023

1) Proposed a lightweight, privacy-preserving framework to mitigate critical biometric vulnerabilities, including voiceprint leakage, spoofing, and identity theft in mobile environments.
2) Developed a Vector Quantization (VQ) recognition pipeline by extracting Linear Predictive Coding (LPC) acoustic features and generating user-specific voiceprint templates via the LBG algorithm.
3) Optimized deployment for resource-constrained mobile platforms, achieving high recognition precision with low computational and memory overhead in real-world experiments.

Privacy-Preserving Cross-System Voiceprint Recognition and Protection

Zhenyu Lei, Advised by Prof. Ben Niu

High-Performance Systems Funded by Institute of Information Engineering, Chinese Academy of Sciences (¥12,000)Aug 2022 - Jun 2023

1) Proposed a lightweight, privacy-preserving framework to mitigate critical biometric vulnerabilities, including voiceprint leakage, spoofing, and identity theft in mobile environments.
2) Developed a Vector Quantization (VQ) recognition pipeline by extracting Linear Predictive Coding (LPC) acoustic features and generating user-specific voiceprint templates via the LBG algorithm.
3) Optimized deployment for resource-constrained mobile platforms, achieving high recognition precision with low computational and memory overhead in real-world experiments.

2022

Clock Synchronization for Heterogeneous IoT with Collaborative Sleep Scheduling
Clock Synchronization for Heterogeneous IoT with Collaborative Sleep Scheduling

Zhenyu Lei, Jia Cheng, Liting Zeng, Yifeng Yang, Qiwei Zong, Advised by Prof. Fei Tong

High-Performance Systems Oct 2021 - May 2022

1) Designed and implemented a novel mechanism to address clock drift and desynchronization in heterogeneous IoT networks caused by processor frequency discrepancies.
2) Optimized the IEEE 802.11 MAC RTS/CTS handshake to carry processor frequency metadata across nodes, followed by developing a calibration algorithm integrating frequency preprocessing and error-threshold-based correction to achieve precise, power-efficient synchronization across heterogeneous devices.
3) Experiments on the Contiki OS with MicaZ and Z1 sensor platforms showed that synchronization errors were transformed from unbounded growth into bounded stability.

Clock Synchronization for Heterogeneous IoT with Collaborative Sleep Scheduling

Zhenyu Lei, Jia Cheng, Liting Zeng, Yifeng Yang, Qiwei Zong, Advised by Prof. Fei Tong

High-Performance Systems Oct 2021 - May 2022

1) Designed and implemented a novel mechanism to address clock drift and desynchronization in heterogeneous IoT networks caused by processor frequency discrepancies.
2) Optimized the IEEE 802.11 MAC RTS/CTS handshake to carry processor frequency metadata across nodes, followed by developing a calibration algorithm integrating frequency preprocessing and error-threshold-based correction to achieve precise, power-efficient synchronization across heterogeneous devices.
3) Experiments on the Contiki OS with MicaZ and Z1 sensor platforms showed that synchronization errors were transformed from unbounded growth into bounded stability.

2021

SuriVPP: A High-Performance Virtualized Intrusion Prevention System
SuriVPP: A High-Performance Virtualized Intrusion Prevention System

Zhenyu Lei, ..., Advised by Prof. Sanfeng Zhang

High-Performance Systems Core Member | 1st Place, National Undergraduate Extracurricular Sci&Tech CompetitionJul 2021 - Nov 2021

1) Engineered SuriVPP, a high-performance IPS coupling Suricata with Vector Packet Processing (VPP) to resolve kernel-user context switch bottlenecks, enabling high-speed user-space packet processing on ARM/x86 platforms.
2) Developed a custom zero-copy VPP plugin that embeds the Suricata engine directly into the VPP thread, eliminating inter-process communication overhead; re-engineered memory management using lock-free ring buffers and CPU affinity to maximize cache locality.
3) Achieved 3× native performance (6 Gbps) with ultra-low latency (19.89 µs, ~22% of the national standard) on Kunpeng servers, verifying the system's stability via Dockerized cross-platform deployment.

SuriVPP: A High-Performance Virtualized Intrusion Prevention System

Zhenyu Lei, ..., Advised by Prof. Sanfeng Zhang

High-Performance Systems Core Member | 1st Place, National Undergraduate Extracurricular Sci&Tech CompetitionJul 2021 - Nov 2021

1) Engineered SuriVPP, a high-performance IPS coupling Suricata with Vector Packet Processing (VPP) to resolve kernel-user context switch bottlenecks, enabling high-speed user-space packet processing on ARM/x86 platforms.
2) Developed a custom zero-copy VPP plugin that embeds the Suricata engine directly into the VPP thread, eliminating inter-process communication overhead; re-engineered memory management using lock-free ring buffers and CPU affinity to maximize cache locality.
3) Achieved 3× native performance (6 Gbps) with ultra-low latency (19.89 µs, ~22% of the national standard) on Kunpeng servers, verifying the system's stability via Dockerized cross-platform deployment.