ASE 2015 – Computer-aided Collaborative Validation of Large Software
Abstract: Neither manual nor totally automated discovery of software vulnerabilities is practical. Manual discovery requires extremely laborious work by highly skilled software analysts and totally automated discovery is riddled with intractable problems. This tutorial introduces a novel practical approach for machine-enabled human-in-the-loop discovery of software vulnerabilities, and is based on “amplifying human intelligence” rather than […]
MILCOM 2015 – Practical Program Analysis for Discovering Android Malware
Abstract: The growing threat of malware in embedded systems and the possibility of adversaries crafting one-of-a-kind sophisticated malware as a catastrophic cyberweapon makes malware detection a high priority topic for advanced research, college education, and professional training. There is a need for automated detection tools for commercial applications as well as a need for sophisticated […]
ICSE 2015 – Security Toolbox for Detecting Novel and Sophisticated Android Malware
Abstract: This paper presents a demo of our Security Toolbox to detect novel malware in Android apps. This Toolbox is developed through our recent research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) project. The adversarial challenge (“Red”) teams in the DARPA APAC program are tasked with designing sophisticated malware to test […]
AICSSC 2014 – Euler and the 336 million dollar software patent
Keynote speech “Euler and the 336 million dollar software patent” was given by Dr. Suresh Kothari. Venue: All India IEEE Computer Society Student Congress 2014 (AICSSC), Pune, India, December 13, 2014. Author: Suresh Kothari.
INDICON 2014 – Cyber bombs are ticking, what is there to protect us
Keynote speech “Cyber bombs are ticking, what is there to protect us.” was given by Dr. Suresh Kothari. Venue: The 11th IEEE India Conference for Emerging Trends and Innovation in Technology (INDICON 2014), December 11-13, 2014, Yashada, Pune, India. Author: Suresh Kothari.
SMC 2014 – A “Human-in-the-loop” Approach for Resolving Complex Software Anomalies
Abstract: Automated static analysis tools are widely used in identifying software anomalies, such as memory leak, unsafe thread synchronization and malicious behaviors in smartphone applications. Such anomaly-prone scenarios can be bifurcated into: “ordinary” (analysis requires relatively simple automation) and “complex” (analysis poses extraordinary automation challenges). While automated static analysis tools can resolve ordinary scenarios with […]
DERBYCON 4.0 – A Bug or Malware? Catastrophic consequences either way.
Abstract: We live in an age of software problems with catastrophic consequences. An extra goto in Apple’s SSL implementation compromised certificate checks for the better part of a year. An erroneous integer conversion in the Ariane 5 launch destroyed the European Space Agency rocket and its cargo valued at 500 million dollars. Often the problem […]
ICSE 2014 – Atlas: A New Way to Explore Software, Build Analysis Tools
Abstract: Atlas is a new software analysis platform from EnSoft Corp. Atlas decouples the domain-specific analysis goal from its underlying mechanism by splitting analysis into two distinct phases. In the first phase, polynomial-time static analyzers index the software AST, building a rich graph database. In the second phase, users can explore the graph directly or […]