2022  |  21  |  20  |  19  |  18  |  17  |  16  |  15  |  14  |  13  |  12  |  11  |  10  |  09  |  08  |  07  |  06  |  05  |  04  |  03  |  02  |  01  |  00  |  99

Research Projects

Although a wide variety of approaches identify vulnerabilities in Android apps, none attempt to determine exploitability of those vulnerabilities. Exploitability can aid in reducing false positives of vulnerability analysis, and can help engineers triage bugs. Specifically, one of the main attack vectors of Android apps is their inter-component communication (ICC) interface, where apps may receive messages called Intents.

Research Area(s): 
Project Dates: 
January 2017

I am aiding core developers of the Linux kernel to use mutation analysis to improve kernel systems testing methods, and to verify critical algorithms. I am also investigating the use of bounded model checking (CBMC) on Linux kernel. As an outcome of this project so far we have identified 3 bugs in the Linux kernel. I am also applying mutation analysis on sqlite3 to improve its testing.

Research Area(s): 
Project Dates: 
August 2016

Code search has become an integral part of the day-to-day programming activity with developers seeking to take advantage of the vast amount of code and advice available on sites such as Stack Overflow, GitHub, and Ohloh.  Finding the 'right' code, however, remains a serious challenge.  CodeExchange is a new code search platform that offers social-technical code search: search enriched with social-technical metadata through which targeted queries can be formulated, results quickly filtered, and code that is found easily integrated into the project at hand.

Project Dates: 
July 2012

We are on the cusp of a major opportunity: software tools that take advantage of Big Code. Specifically, Big Code will enable novel tools in areas such as security enhancers, bug finders, and code synthesizers. What do researchers need from Big Code to make progress on their tools? Our answer is an infrastructure that consists of 100,000 executable Java programs together with a set of working tools and an environment for building new tools.

Research Area(s): 
Project Dates: 
March 2019

The number of malicious Android apps is increasing rapidly. Android malware can damage or alter other files or settings, install additional applications, etc. To determine such behaviors, a security analyst can significantly benefit from identifying the family to which an Android malware belongs, rather than only detecting if an app is malicious. Techniques for detecting Android malware, and determining their families, lack the ability to handle certain obfuscations that aim to thwart detection.

Research Area(s): 
Project Dates: 
January 2016

Savasana is the first white-box approach that uses code analysis for reasoning about consistency of adaptation.

Savasana consists of two parts: Static Code Analysis runs on the system's code and Run-time Control manages the corresponding running system.

Research Area(s): 
Project Dates: 
January 2016

The dynamic nature of markets wherein business relationships are established and dissolved continuously demands systems that can cope with constant change, and do so with security paramount. These relationships are reified as services  that are offered by organizations and used  within a spectrum of domains and use contexts. Current service technologies fail to meet the requirements, however; interfaces are rigid, non-secure, and “one-size-fits-all solutions” which hardly meet the demands of any of its users.

Project Dates: 
July 2007

This project describes and documents observational results that arise from the playtesting­-based evaluation of twenty-­six computer games focused on science learning or scientific research. We refer to this little studied genre of computer games as science learning games (SLGs). Our goal was to begin to identify a new set of criteria, play mechanics, and play experiences that give rise to play­-based learning experiences in the realm of different scientific topics.

Project Dates: 
October 2014

Pages