Blog Archives

ICSE 2018 – Demystifying Cyber-Physical Malware

Abstract:  The traditional notion of malware is too narrow, and the prevalent characterizations (virus, worm, trojan horse, spyware etc.) are neither precise nor comprehensive enough to characterize cyber-physical malware (CPM). Detecting sophisticated CPM is like searching for a needle in the haystack without knowing what the needle looks like. This technical briefing congregates interdisciplinary knowledge […]

Categories: Papers

ICSE 2018 – COMB: Computing Relevant Program Behaviors

Abstract: The paper presents COMB, a tool to improve accuracy and efficiency of software engineering tasks that hinge on computing all relevant program behaviors. Computing all behaviors and selecting the relevant ones is computationally intractable. COMB uses Projected Control Graph (PCG) abstraction to derive the relevant behaviors directly and efficiently. The PCG is important as […]

Categories: Papers

ASE 2016 – Learn to Build Automated Software Analysis Tools with Graph Paradigm and Interactive Visual Framework

Abstract: Software analysis has become complex enough to be intimidating to new students and professionals. It can be difficult to know where to start with over three decades of staggering research in data and control flow analyses and a plethora of analysis frameworks to choose from, ranging in maturity, support, and usability. While textbooks, surveys […]

Categories: Tutorials

ICSE 2016 – Let’s Verify Linux: Accelerated Learning of Analytical Reasoning through Automation and Collaboration

Abstract: We describe our experiences in the classroom using the internet to collaboratively verify a significant safety and security property across the entire Linux kernel. With 66,609 instances to check across three versions of Linux, the naive approach of simply dividing up the code and assigning it to students does not scale, and does little […]

Categories: Papers

ICSE 2016 – Rethinking Verification: Accuracy, Efficiency and Scalability through Human-Machine Collaboration

Abstract: With growing dependence on software in embedded and cyber-physical systems where vulnerabilities and malware can lead to disasters, efficient and accurate verification has become a crucial need for safety and cybersecurity. Formal verification of large software has remained an elusive target, riddled with problems of low accuracy and high computational complexity. The need for […]

Categories: Papers

ASE 2015 – Computer-aided Collaborative Validation of Large Software

Abstract: Neither manual nor totally automated discovery of software vulnerabilities is practical. Manual discovery requires extremely laborious work by highly skilled software analysts and totally automated discovery is riddled with intractable problems. This tutorial introduces a novel practical approach for machine-enabled human-in-the-loop discovery of software vulnerabilities, and is based on “amplifying human intelligence” rather than […]

Categories: Tutorials

ICSE 2015 – Security Toolbox for Detecting Novel and Sophisticated Android Malware

Abstract: This paper presents a demo of our Security Toolbox to detect novel malware in Android apps. This Toolbox is developed through our recent research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) project. The adversarial challenge (“Red”) teams in the DARPA APAC program are tasked with designing sophisticated malware to test […]

Categories: Papers

ICSE 2014 – Atlas: A New Way to Explore Software, Build Analysis Tools

Abstract: Atlas is a new software analysis platform from EnSoft Corp. Atlas decouples the domain-specific analysis goal from its underlying mechanism by splitting analysis into two distinct phases. In the first phase, polynomial-time static analyzers index the software AST, building a rich graph database. In the second phase, users can explore the graph directly or […]

Categories: Papers