University Lecture Series at Google, Mountain View, CA, “Intelligence Amplifying Technology: A Contrarian Approach that Applies Euler’s Method to Complex Software”
Abstract: Fredrick Brooks writes “If indeed our objective is to build computer systems that solve very challenging problems, my thesis is that IA > AI, that is, that intelligence amplifying systems can, at any given level of available systems technology, beat AI systems. That is, a machine and a mind can beat a mind-imitating machine […]
CyLab Distinguished Seminar Series at Carnegie Mellon, “An 18th-century Mathematician, a $336 Million Patent, and Software Verifiability,”
Abstract: What does software verifiability have to do with an 18th-century Swiss mathematician? Come to hear the story that starts with Leonhard Euler, progresses to a patent worth hundreds of millions of dollars, and ends with software verifiability for safety and security. Deriving precise enough relevant architectural knowledge and applying that knowledge is critical for […]
ESEC/FSE 2019 – DISCOVER: Detecting Algorithmic Complexity Vulnerabilities
Abstract: Algorithmic Complexity Vulnerabilities (ACV) are a class of vulnerabilities that enable Denial of Service Attacks. ACVs stem from asymmetric consumption of resources due to complex loop termination logic, recursion, and/or resource intensive library APIs. Completely automated detection of ACVs is intractable and it calls for tools that assist human analysts. We present DISCOVER, a […]
ICSE 2019 – Mockingbird: A Framework for Enabling Targeted Dynamic Analysis of Java Programs
Abstract: The paper presents the Mockingbird framework that combines static and dynamic analyses to yield an efficient and scalable approach to analyze large Java software. The framework is an innovative integration of existing static and dynamic analysis tools and a newly developed component called the Object Mocker that enables the integration. The static analyzers are […]
MILCOM 2018 – Systematic Exploration of Critical Software for Catastrophic Cyber-Physical Malware
Abstract: With the advent of highly sophisticated cyber-physical malware (CPM), a cyber-attack can cripple critical services virtually paralyze the nation. In differentiating CPM from traditional malware, the difference really comes from the open-ended possibilities for malware triggers resulting from the wide spectrum of sensor inputs, and the almost limitless application-specific possibilities for designing malicious payloads. […]
Invited Talk @ UBC – An 18th-century Mathematician, a $336 Million Patent, and Software Experimentation
Abstract: What does software experimentation have to do with an 18th-century Swiss mathematician? Come hear the story that starts with Leonhard Euler, progresses to a software patent worth hundreds of millions, and ends with new ideas for experiment-driven software engineering. The construction of software usually involves many people and programs that need to be maintained […]
Science of Computer Programming – Projected Control Graph for Computing Relevant Program Behaviors
Abstract: Many software engineering tasks require analysis and verification of all behaviors relevant to the task. For example, all relevant behaviors must be analyzed to verify a safety or security property. An efficient algorithm must compute the relevant behaviors directly without computing all the behaviors. This is crucial in practice because it is computationally intractable […]
DySDoc3 – DynaDoc: Automated On-Demand Context-Specific Documentation
Abstract: This 2018 DOCGEN Challenge paper describes DynaDoc, an automated documentation system for on-demand context-specific documentation. A key novelty is the use of graph database technology with an eXtensible Common Software Graph Schema (XCSG). Using XCSG-based query language, DynaDoc can mine efficiently and accurately a variety of program artifacts and graph abstractions from millions of […]
ICSE 2018 – Demystifying Cyber-Physical Malware
Abstract: The traditional notion of malware is too narrow, and the prevalent characterizations (virus, worm, trojan horse, spyware etc.) are neither precise nor comprehensive enough to characterize cyber-physical malware (CPM). Detecting sophisticated CPM is like searching for a needle in the haystack without knowing what the needle looks like. This technical briefing congregates interdisciplinary knowledge […]
Springer Verlag Publishers – Catastrophic Cyber-Physical Malware
Abstract: With the advent of highly sophisticated cyber-physical malware (CPM) such as Industroyer, a cyberattack could be as destructive as the terrorist attack on 9/11, it would virtually paralyze the nation. We discuss as the major risks the vulnerability of: telecommunication infrastructure, industrial control systems (ICS), and mission-critical software. In differentiating CPM from traditional malware, […]