BIOGRAPHY
Dr. Xiang Fu has been a computer geek for almost twenty years. He
received his B.S. in Computer Science from Fudan University
(Shanghai, P.R. China) in 1999. He then spent five years on the
beautiful Santa Barbara beach, got married, and finished his Ph.D. in
Computer Science at the University of California, Santa Barbara in
2004. He is now an assistant professor at Georgia Southwestern State
University.
RESEARCH INTERESTS

My research lies in the general area of software engineering, with
an emphasis on automated verification and testing.
The purpose of my research is to develop theories and techniques for
verifying and validating the functionality, reliability, and
security of software systems. My interests include but are not
limited to model checking, symbolic execution, realizability
analysis, predicate abstraction, automated testing, study of
asynchronously communicating state machines, Web Services, and
Workflow systems. Recently, my primary focus has been the
application of static analyses to automated scanning of Web
application vulnerabilities such as SQL injection, Cross-Site
Scripting attacks, and AJAX security holes.
COURSES

Fall 2007
- CSCI5120 Topics in Information Security. Note: Security Lab
account on SunBlade 100 is required!
- CSCI4200 Design of Operating Systems (online). Note: SUN1
account is required!
- CSCI4100 Computer Architecture (online)
- CSCI6900 Special Problems (Java class instrumentation).
Note: Laptop with 1GB memory is required!
- CIS1000 Computer Applications (online). Note: SAMS 2007
bundle is required!
For course materials, please visit WebCT.
All assignments, projects, reports, etc. have to be submitted via
the WebCT assignment tool. Submissions via email will not be accepted!
Courses Taught:
- CSCI6320 Advanced Software Engineering (graduate) (Spring’07)
- CSCI4900 Capstone Project (Fall’05, Spring’06, Fall’06,
Spring’07, Fall'07)
- CIS 1000 Computer Applications (Summer’05, Fall’05, Summer’06,
Fall’06, Summer’07, Fall'07)
- CSCI4100 Computer Architecture (Fall’04, Fall’05, Fall’06,
Fall'07)
- CSCI3100 Computer Organization (Summer’05, Summer’06,
Summer’07)
- CIS4200 Computer Security (Spring’07)
- CSCI3300 Concepts of Programming Languages (Spring’05)
- CSCI4210 Data Communication and Computer Networks (Spring’06)
- CSCI4200 Design of Operating Systems (Fall’04, Fall’05,
Fall’06, Fall'07)
- CSCI6220 Distributed Operating Systems (graduate) (Spring’05,
Spring’06)
- CSCI6930 Internship (graduate) (Spring’07)
- CSCI2000 Introduction to Computer Science I (Fall’04)
- CSCI4910 Junior/Senior Seminar (Spring’05, Spring’06,
Spring’07)
- CSCI7900 Master’s Thesis (graduate) (Spring’05, Fall’05,
Fall’06, Spring’07)
- CSCI4300 Software Engineering (Fall’06)
- CSCI4900 Special Problems in CS (Spring’05)
- CSCI6900 Special Problems in CS (graduate) (Fall’05, Fall’06,
Fall'07)
- CSCI5120 Topics in Information Security (graduate) (Fall’04,
Fall’06, Fall'07)
Please refer to the CIS multi-year schedule for course offerings.
CURRENT PROJECTS

Dr. Xiang Fu encourages hands-on projects in both teaching and
research. He also has strong interests in developing open-source
software tools for elevating the quality and efficiency of higher
education.
We are looking for talented undergraduate and graduate students to
work with us on exciting research projects! Occasionally we have
projects with local industry partners/sponsors. Call (229) 931-2819
or email xfu@canes.gsw.edu for more information!
Research Projects
-
SAFELI (Static Analysis Framework for
dEtecting sqL Injection vulnerabilities).
Participants: Dr. Xiang Fu (GSW), Dr. Kai Qian (SPSU), Dr.
Lixin Tao (Pace), Dr. Boris Peltsverger (GSW), and Mr. Xin Lu
(Master Student).
Date: Fall’06 - present.
The objective of this on-going project is to automatically discover
SQL injection vulnerabilities resident in Web applications. The
tool symbolically executes the backend bytecode of a Web
application. Whenever a SQL statement is submitted to the database,
SAFELI constructs a hybrid string constraint whose solutions make
the WHERE clause of the SQL query a tautology. The constraint is
solved by a regular string solver. The solution is used for
generating the initial values of HTML input elements. Then a test
script is generated and executed by a GUI testing tool to verify the
vulnerability. The tool has the potential to outperform black-box
Web application penetration tools.
-
JavaSye (Java Symbolic execution and
analYsis Engine).
Participants: Dr. Xiang Fu (GSW)
Date: Spring'07 - present.
This on-going project constructs a symbolic execution engine for
the Java language at the byte-code level. We plan to enrich the tool
with automatic widening, abstraction, and loop-invariant
inference techniques to overcome the challenge of the infinite state
space caused by loops and recursion.
-
WSAT
(Web Service Analysis Tool).
Participants: Dr. Xiang Fu (UCSB), Dr. Tevfik Bultan
(UCSB), Dr. Jianwen Su (UCSB), and Dr. Richard Hull (Lucent).
Date: Fall’03 - Spring’04.
WSAT is an automatic verifier that supports LTL model checking as
well as the realizability/synchronizability check for
asynchronously composed Web services. It accepts inputs specified
using popular Web service standards such as BPEL4WS and WSDL,
translates them to an intermediate representation called “guarded
finite state automata” where the realizability/synchronizability
check is conducted, and verifies LTL properties through the use of
back-end model checkers such as SPIN. Unlike its predecessors,
WSAT handles the full semantics of XML-based data, which allows
verification of Web services at a much greater level of detail.
Higher Education Administration and Education Related Projects
-
APOGEE (Automated PrOject Grading and instant fEEdback
system).
Participants:
Dr. Xiang Fu (GSW), Dr. Kai Qian (SPSU), Dr. Lixin Tao
(Pace), and Dr. Boris Peltsverger (GSW).
Date: Spring’07 - present.
APOGEE is an on-going project that can greatly improve the
instructional effectiveness in Web programming/Internet
engineering classes. The system meets the challenge of how to
systematically and fairly handle the grading of an overwhelming
number of project submissions in Web programming classes. APOGEE
includes a toolset for authoring and running GUI testing scripts
that automatically evaluate the quality of student projects. Its
ideology is to help students learn from failures. A student
project submission has to meet both the functional requirements
and non-functional requirements on quality attributes such as
security, robustness, and privacy. Any violation of the
requirements will be re-played to students by APOGEE with guidance
and hints. The tool itself is an ideal platform for experimenting
with various automatic testing techniques in research.
-
LORA
(electronic Learning Outcome Repository and Analysis system).
Participants: Dr. Xiang Fu (GSW), Dr. Boris Peltsverger
(GSW), and Dr. Cathy Rozmus (GSW),
assisted by nine Master's students (Mr. Hao Chen et al.) in the
Fall'06 CSCI6900 and Spring'07 CSCI6930 classes.
Date: Fall'06 - present.
LORA is a Web-based
management system for instructors to submit learning outcome
analysis reports when the instructional activities are completed
for a course. In each report, an instructor has to evaluate the
achievement on each learning outcome objective, and support the
evaluation with sample student course work. The system also supports
weaving a network of knowledge body areas, with the coverage of
each subject evidenced by teaching materials such as lecture
notes, exam questions, etc. LORA facilitates the job of higher
education administrators in examining the completeness of the
curriculum and the teaching effectiveness of an academic program.
-
CACPS (Computer Aided Curriculum Planning and Scheduling
system)
Participants: Dr. Xiang Fu (GSW), Dr. Boris Peltsverger
(GSW), and Dr. Cathy Rozmus (GSW).
Date: Spring'05 - Fall'05.
CACPS is an automatic
scheduling system which helps GSW students plan their academic
career early and effectively. The tool generates the personalized
study plan for each student, based on the degree requirements,
multi-year course offering plan, pre-requisite requirement of
courses, and the student’s personal interests and preference. The
system can be used as an academic advising tool for academic
advisors.
Industry Projects
-
ComplianceWeb (AET ComplianceWeb System)
Participants: Dr. Xiang Fu (GSW), Dr. Alex Yemelyanov (GSW),
Dr. Arvind Shah (GSW). The project is implemented by a team of 7
students, Henok Girma and Yi Chen et al.
Date: Summer 06.
The ComplianceWeb project helps the consulting firm to keep track
of the equipment inspection and testing information for its
clients. The project consists of around 40 forms, 60 database
tables, and over 40k lines of C# code.
Course Project Samples (We welcome
students to propose their own ideas for Capstone Projects and other
class projects!)
-
Lego Robots Soccer and Map Explorer (Spring'07, Capstone
Project)
-
GSW Robocode Competition (Spr'07, Capstone Project)
-
Tank Battle (Spr'06, Capstone Project)
-
Online Car Racing Game (Spr'06, Computer Networks)
-
NASA 3D Maze Game (Spr'06, Capstone Project)
-
Java Email Client (Spr'06, Computer Networks)
-
Nursing School Student Management System (Fall'05, Capstone
Project)
PUBLICATIONS
 Journal papers
-
T. Bultan, X. Fu and J. Su. “Analyzing
Conversations of Web Services.” In
IEEE Internet Computing,
vol. 10, no. 1, pp. 18-25, Jan/Feb 2006.
-
X. Fu, T. Bultan and J. Su. “Synchronizability
of Conversations Among Web Services.” In
IEEE Transactions on Software Engineering (TSE),
vol. 31, no. 12, pp. 1042-1055, December 2005.
-
X. Fu, T. Bultan and J. Su. “Realizability
of Conversation Protocols With Message Contents.” In
International Journal of Web Services (JWSR),
vol. 2, no. 4, pp. 68-93, 2005.
-
X. Fu, T. Bultan and J. Su. “Conversation
Protocols: A Formalism for Specification and Verification of
Reactive Electronic Services.” In
Theoretical Computer
Science (TCS),
vol. 328, no. 1-2, pp. 19-37, November 2004.
Books and Book Chapters
-
K. Qian, X. Fu, L. Tao, C. Xu, and J.
Diaz-Herrera. “Software Architecture and Design Illuminated.”
Jones and Bartlett Publishers, to appear 2008.
-
R. Allen, K. Qian, L. Tao, and X. Fu. “AJAX Web
Development Illuminated.” Jones and Bartlett Publishers, to appear
2008.
-
T. Bultan, X. Fu, and J. Su. “Analyzing
Conversations: Realizability, Synchronizability, and Verification.”
Book chapter. To appear in Testing and Analysis of Web Services,
Luciano Baresi and Elisabetta Di Nitto (eds.), Springer, 2007.
-
L. Tao, X. Fu and K. Qian. “Software
Architecture Design Methodologies and Styles.” Stipes
Publishing, ISBN: 1588746216, July 2006.
Conference Papers
-
T. Bultan and X. Fu. “Specification
of Realizable Service Conversations Using Collaboration Diagrams.”
In Proceedings of the IEEE International Conference on
Service-Oriented Computing and Applications (SOCA 2007).
-
X. Fu, X. Lu, K. Qian, B. Peltsverger, L. Tao, and
S. Chen. “A Static Analysis Framework for Detecting SQL Injection
Vulnerabilities.” In Proceedings of the 31st
IEEE Annual Computer Software and Applications Conference (COMPSAC
2007), Beijing, July 2007.
-
A. Gravel, X. Fu, and J. Su. “An
Analysis Tool for Execution of BPEL Services.” In
Proceedings of the Ninth
IEEE Conference on E-Commerce Technology and the 4th IEEE
Conference on Enterprise Computing, E-Commerce, & E-Services (CEC/EEE
2007), Tokyo, Japan, July 24-26, 2007.
-
B. Campbell, X. Fu, and B. Peltsverger. “Innovative
Student Recruiting Approaches for Smaller and Liberal Arts
Institutions.”
In Proceedings of the Tenth Annual Meeting of National
Collegiate Inventors and Innovators Alliance (NCIIA),
Portland, Oregon, USA, March 23-25, 2006.
-
A. Betin-Can, T. Bultan, and X. Fu. “Design
for Verification for Asynchronously Communicating Web Services.”
In Proceedings of
the Fourteenth International World Wide Web Conference (WWW 2005),
pp. 750-759, Chiba, Japan, May 10-14, 2005.
-
T. Bultan, X. Fu, and J. Su. “Tools
for Automated Verification of Web Services.” Invited paper. In
Proceedings of the
Second International Symposium on Automated Technology on
Verification and Analysis (AVTA 2004),
Farn Wang (ed.), LNCS 3299, pp. 8-10, Taipei, Taiwan, October 31 -
November 3, 2004.
-
X. Fu, T. Bultan and J. Su. “Model
Checking XML Manipulating Software.” In
Proceedings of the 2004
ACM/SIGSOFT International Symposium on Software Testing and
Analysis (ISSTA),
pp. 252-262, Boston, Massachusetts, July 11-14, 2004.
-
X. Fu, T. Bultan and J. Su. “WSAT:
A Tool For Formal Analysis of Web Services.”
Tool paper. In
Proceedings of the Sixteenth International Conference on Computer
Aided Verification (CAV), pp. 501-504, Boston,
Massachusetts, July 11-14, 2004.
-
X. Fu, T. Bultan and J. Su. “Realizability
of Conversation Protocols with Message Contents.” In
Proceedings of the 2004
IEEE International Conference on Web Services (ICWS),
pp. 96-103, San Diego, California, July 6-9, 2004.
-
X. Fu, T. Bultan and J. Su. “Analysis
of Interacting BPEL Web Services.” In
Proceedings of the
Thirteenth International World Wide Web Conference (WWW),
pp. 621-630, New York, NY, May 17-22, 2004.
-
X. Fu, T. Bultan and J. Su. “Conversation
Protocols: A Formalism for Specification and Verification of
Reactive Electronic Services.” In
Proceedings of the Eighth
International Conference on Implementation and Application of
Automata (CIAA),
LNCS 2759, pp. 188-200, Springer, Santa Barbara, July 2003.
-
T. Bultan, X. Fu, R. Hull and J. Su. “Conversation
Specification: A New Approach to Design and Analysis of E-Service
Composition.” In
Proceedings of the Twelfth International World Wide Web
Conference (WWW),
pp. 403-410. Budapest, Hungary, May 2003.
-
X. Fu, T. Bultan, R. Hull and J. Su. “Verification
of Vortex Workflows.” In
Proceedings of the
Seventh International Conference on Tools and Algorithms for the
Construction and Analysis of Systems (TACAS),
LNCS 2031, pp. 143-157, Springer. Genova, Italy, April 2001.
Workshop Papers
-
J. Su, T. Bultan, and X. Fu. “Web
Service Interactions: Analysis and Design.” Invited Paper.
In Proceedings of
the Second International Workshop on Semantic and Dynamic Web
Processes (SDWP 2005),
pp. 14-19, Orlando, Florida, USA, July 12-15, 2005.
-
X. Fu, T. Bultan and J. Su. “A
Top-Down Approach to Modeling Global Behaviors of Web Services.”
In Proceedings of
Workshop on Requirements Engineering and Open Systems (REOS),
Monterey, CA, September 2003.
-
X. Fu, T. Bultan and J. Su. “Formal
Verification of E-Services and Workflows.” In
Proceedings of
International Workshop on Web Services, E-Business, and the
Semantic Web (WES), in conjunction with the 14th International
Conference on Advanced Information Systems Engineering (CAiSE),
LNCS 2512, pp. 188-202, Springer. Toronto, Canada, May 2002.
Posters
-
L. Tao, K. Qian, X. Fu, and J. Liu, “Curriculum
and Lab Renovations for Teaching Server-Based Computing.” Poster.
ACM Technical
Symposium on Computer Science Education (SIGCSE 2007),
Covington, Kentucky, USA, March 7-10, 2007.
Ph.D Thesis
- Xiang Fu. "Formal
Specification and Verification of Asynchronously Communicating
Web Services.", Ph.D Thesis, University of California, Santa
Barbara. June, 2004.