Francois Gauthier
Consulting Researcher
François Gauthier is a Principal Researcher for Oracle Labs, working in the Program Analysis Group. He is currently developing next-gen Runtime Application Self Protection (RASP) solutions.
His main research focus is automated security analysis through fuzzing, static analysis, and dynamic analysis. His research interests also include software engineering, testing, and machine learning.
Education:
* PhD Computer Engineering 2014, University of Montreal, Canada
* MSc Bioinformatics 2007, University of Montreal, Canada
* BSc Bioinformatics 2005, University of Montreal, Canada
Publications
Slides
Synthesis of Java Deserialisation Filters from Examples (Presentation Slides)
Kostyantyn Vorobyov, Francois Gauthier, Sora Bae, Padmanabhan Krishnan, Rebecca ODonoghue
Conference Publication
Synthesis of Java Deserialisation Filters from Examples
Kostyantyn Vorobyov, Francois Gauthier, Sora Bae, Padmanabhan Krishnan, Rebecca ODonoghue
Video
Synthesis of Java Deserialisation Filters from Examples (Conference Video)
Kostyantyn Vorobyov, Francois Gauthier, Sora Bae, Padmanabhan Krishnan, Rebecca ODonoghue
Slides
Experience: Model-Based, Feedback-Driven, Greybox Web Fuzzing with BackREST
Francois Gauthier, Behnaz Hassanshahi, Benjamin Selwyn Smith, Trong Nhan Mai, Max Schlueter, Micah Williams
Conference Publication
Experience: Model-Based, Feedback-Driven, Greybox Web Fuzzing with BackREST
Francois Gauthier, Behnaz Hassanshahi, Benjamin Selwyn Smith, Trong Nhan Mai, Max Schlueter, Micah Williams
Slides
Scalable Static Analysis to Detect Security Vulnerabilities: Challenges and Solutions
Nathan Keynes, Francois Gauthier, Nicholas Allen, Diane Corney, Padmanabhan Krishnan, Cristina Cifuentes
Slides
Poster: Unacceptable Behavior: Robust PDF Malware Detection Using Abstract Interpretation
Alexander Jordan, Francois Gauthier, Behnaz Hassanshahi
In Proceedings
IFDS Taint Analysis with Access Paths.
Nicholas Allen, François Gauthier, Alexander Jordan
In Proceedings
BackREST - A Model-Based Feedback-Driven Greybox Fuzzer for Web Applications.
François Gauthier, Behnaz Hassanshahi, Benjamin Selwyn-Smith, Trong Nhan Mai, Max Schlüter, Micah Williams
Conference Publication
IFDS Taint Analysis With Access Paths
Francois Gauthier, Nicholas Allen, Alexander Jordan
In Proceedings
Trade-offs in managing risk and technical debt in industrial research labs - an experience report.
François Gauthier, Alexander Jordan, Padmanabhan Krishnan, Behnaz Hassanshahi, Jörn Guy Süß, Sora Bae, Hyunjun Lee
In Proceedings
Nodest - feedback-driven static analysis of Node.js applications.
Benjamin Barslev Nielsen, Behnaz Hassanshahi, François Gauthier
Conference Publication
Vandal: A scalable security analysis framework for smart contracts
Anton Jurisevic, Bernhard Scholz, Eric Liu, Francois Gauthier, Lexi Brent, Michael Kong, Ralph Holz, Vincent Gramoli
In Proceedings
Unacceptable Behavior - Robust PDF Malware Detection Using Abstract Interpretation.
Alexander Jordan, François Gauthier, Behnaz Hassanshahi, David Zhao
In Proceedings
Reference Abstract Domains and Applications to String Analysis.
Roberto Amadini, Graeme Gange, François Gauthier, Alexander Jordan, Peter Schachte, Harald Søndergaard, Peter J. Stuckey, Chenyi Zhang
In Proceedings
Scalable Static Analysis to Detect Security Vulnerabilities - Challenges and Solutions.
François Gauthier, Nathan Keynes, Nicholas Allen, Diane Corney, Padmanabhan Krishnan
In Proceedings
Driver Generation for Java EE Web Applications.
Jens Dietrich, François Gauthier, Padmanabhan Krishnan
In Proceedings
AFFOGATO - runtime detection of injection attacks for Node.js.
François Gauthier, Behnaz Hassanshahi, Alexander Jordan
In Proceedings
SAFE-PDF - Robust Detection of JavaScript PDF Malware Using Abstract Interpretation.
Alexander Jordan, François Gauthier, Behnaz Hassanshahi, David Zhao
In Proceedings
Combining String Abstract Domains for JavaScript Analysis - An Evaluation.
Roberto Amadini, Alexander Jordan, Graeme Gange, François Gauthier, Peter Schachte, Harald Søndergaard, Peter J. Stuckey, Chenyi Zhang
In Proceedings
JSPChecker: Static Detection of Context-Sensitive Cross-Site Scripting Flaws in Legacy Web Applications
Antonin Steinhauser, Francois Gauthier
Conference Publication
Evolutionary analysis of access control models: a formal concept analysis method
Zhuobing Han, Mathieu Mérineau, Francois Gauthier, Ettore Merlo, Xiaohong Li, Eleni Stroulia
Conference Publication
Supporting Maintenance and Evolution of Access Control Models in Web Applications
Francois Gauthier, Ettore Merlo, Eleni Stroulia, David Turner
Conference Publication
Uncovering access control weaknesses and flaws with security-discordant software clones
Francois Gauthier, Thierry Lavoie, Ettore Merlo
Conference Publication
Semantic smells and errors in access control models: A case study in PHP
Francois Gauthier, Ettore Merlo
Conference Publication
Fast detection of access control vulnerabilities in PHP applications
Francois Gauthier, Ettore Merlo
Conference Publication
Alias-aware propagation of simple pattern-based properties in PHP applications
Francois Gauthier, Ettore Merlo
Conference Publication
Targeted genetic test SQL generation for the DB2 database
Dominic Letarte, Francois Gauthier, Ettore Merlo, Nattavut Sutyanyong, Calisto Zuzarte
Conference Publication
Investigation of Access Control Models with Formal Concept Analysis: A Case Study
Francois Gauthier, Ettore Merlo
Conference Publication
Extraction and comprehension of Moodle's access control model: A case study
Francois Gauthier, Dominic Letarte, Thierry Lavoie, Ettore Merlo
Conference Publication
Security model evolution of PHP web applications
Dominic Letarte, Francois Gauthier, Ettore Merlo