ICSE 2016 – Rethinking Verification: Accuracy, Efficiency and Scalability through Human-Machine Collaboration
Abstract: With growing dependence on software in embedded and cyber-physical systems where vulnerabilities and malware can lead to disasters, efficient and accurate verification has become a crucial need for safety and cybersecurity. Formal verification of large software has remained an elusive target, riddled with problems of low accuracy and high computational complexity. The need for […]
ICISS 2015 – FlowMiner: Automatic Summarization of Library Data-Flow for Malware Analysis
Abstract: FlowMiner is a tool for automatically mining expressive, fine-grained data-flow summaries from Java library bytecode. FlowMiner captures enough information to enable context, type, field, object and flow-sensitive partial program analysis of applications using the library. FlowMiner’s summaries are compact- flow details of a library that are non-critical for future partial program analysis of applications are elided into simple […]
ICISS 2015 – Program Analysis and Reasoning for Hard to Detect Software Vulnerabilities
Abstract: Software is everywhere and so are software vulnerabilities, affecting individuals, companies and nations. Deliberately planted software vulnerabilities (“malware”) have ravaged nuclear reactors and unintended software vulnerabilities (“bugs”) have recently caused all American Airlines planes to be grounded for hours. Software vulnerabilities elude regression testing because their occurrence often depends on intricate sequences of low-probability […]
ISSRE 2015 – Hard Problems at the Intersection of Cybersecurity and Software Reliability
Abstract: This tutorial is aimed at the audience interested in knowing how software reliability and cybersecurity converge in terms of intrinsic hard problems, and how that knowledge can be useful for advancing the research and practice in both fields. This tutorial is based on our research in three Defense Advanced Research Projects Agency (DARPA) projects […]
ASE 2015 – Computer-aided Collaborative Validation of Large Software
Abstract: Neither manual nor totally automated discovery of software vulnerabilities is practical. Manual discovery requires extremely laborious work by highly skilled software analysts and totally automated discovery is riddled with intractable problems. This tutorial introduces a novel practical approach for machine-enabled human-in-the-loop discovery of software vulnerabilities, and is based on “amplifying human intelligence” rather than […]
MILCOM 2015 – Practical Program Analysis for Discovering Android Malware
Abstract: The growing threat of malware in embedded systems and the possibility of adversaries crafting one-of-a-kind sophisticated malware as a catastrophic cyberweapon makes malware detection a high priority topic for advanced research, college education, and professional training. There is a need for automated detection tools for commercial applications as well as a need for sophisticated […]
ICSE 2015 – Security Toolbox for Detecting Novel and Sophisticated Android Malware
Abstract: This paper presents a demo of our Security Toolbox to detect novel malware in Android apps. This Toolbox is developed through our recent research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) project. The adversarial challenge (“Red”) teams in the DARPA APAC program are tasked with designing sophisticated malware to test […]
AICSSC 2014 – Euler and the 336 million dollar software patent
Keynote speech “Euler and the 336 million dollar software patent” was given by Dr. Suresh Kothari. Venue: All India IEEE Computer Society Student Congress 2014 (AICSSC), Pune, India, December 13, 2014 Author: Suresh Kothari
INDICON 2014 – Cyber bombs are ticking, what is there to protect us
Keynote speech “Cyber bombs are ticking, what is there to protect us.” was given by Dr. Suresh Kothari. Venue: The 11th IEEE India Conference for Emerging Trends and Innovation in Technology (INDICON 2014), December 11-13 2014, Yashada, Pune, India Author: Suresh Kothari
SMC 2014 – A “Human-in-the-loop” Approach for Resolving Complex Software Anomalies
Abstract: Automated static analysis tools are widely used in identifying software anomalies, such as memory leak, unsafe thread synchronization and malicious behaviors in smartphone applications. Such anomaly-prone scenarios can be bifurcated into: “ordinary” (analysis requires relatively simple automation) and “complex” (analysis poses extraordinary automation challenges). While automated static analysis tools can resolve ordinary scenarios with […]