Oracle

Oracle Labs
People
Francois Gauthier

Francois Gauthier

Francois Gauthier - Principal Researcher

François Gauthier is a Principal Researcher for Oracle Labs, working in the Program Analysis Group. He is currently developing next-gen Runtime Application Self Protection (RASP) solutions.

His main research focus is automated security analysis, through fuzzing, static, and dynamic analysis. His research interests also include software engineering, testing, and machine learning.

Education:

* PhD Computer Engineering 2014, University of Montreal, Canada

* MSc Bioinformatics 2007, University of Montreal, Canada

* BSc Bioinformatics 2005, University of Montreal, Canada

Publications
Patents

Nodest - feedback-driven static analysis of Node.js applications.
Benjamin Barslev Nielsen, Behnaz Hassanshahi, François Gauthier, ESEC/SIGSOFT FSE

Vandal: A scalable security analysis framework for smart contracts
Anton Jurisevic, Bernhard Scholz, Eric Liu, Francois Gauthier, Lexi Brent, Michael Kong, Ralph Holz, Vincent Gramoli, arXiv

AFFOGATO - runtime detection of injection attacks for Node.js.
François Gauthier, Behnaz Hassanshahi, Alexander Jordan, ISSTA/ECOOP Workshops

SAFE-PDF - Robust Detection of JavaScript PDF Malware Using Abstract Interpretation.
Alexander Jordan, François Gauthier, Behnaz Hassanshahi, David Zhao, CoRR

JSPChecker: Static Detection of Context-Sensitive Cross-Site Scripting Flaws in Legacy Web Applications
Antonin Steinhauser, Francois Gauthier, 2016 ACM Workshop on Programming Languages and Analysis for Security

Evolutionary analysis of access control models: a formal concept analysis method
Zhuobing Han, Mathieu Mérineau, Francois Gauthier, Ettore Merlo, Xiaohong Li, Eleni Stroulia, CASCON 2015:5pp.

Supporting Maintenance and Evolution of Access Control Models in Web Applications
Francois Gauthier, Ettore Merlo, Eleni Stroulia, David Turner, ICSME 2014:5pp.

Semantic smells and errors in access control models: A case study in PHP
Francois Gauthier, Ettore Merlo, ICSE 2013:1169-1172

Uncovering access control weaknesses and flaws with security-discordant software clones
Francois Gauthier, Thierry Lavoie, Ettore Merlo, ACSAC 2013:209-218

Alias-aware propagation of simple pattern-based properties in PHP applications
Francois Gauthier, Ettore Merlo, SCAM 2012:44-53

Fast detection of access control vulnerabilities in PHP applications
Francois Gauthier, Ettore Merlo, WCRE 2012:247-256

Investigation of Access Control Models with Formal Concept Analysis: A Case Study
Francois Gauthier, Ettore Merlo, CSMR 2012:397-402

Targeted genetic test SQL generation for the DB2 database
Dominic Letarte, Francois Gauthier, Ettore Merlo, Nattavut Sutyanyong, Calisto Zuzarte, DBTest 2012:5pp.

Extraction and comprehension of Moodle's access control model: A case study
Francois Gauthier, Dominic Letarte, Thierry Lavoie, Ettore Merlo, PST 2011:44-51

Security model evolution of PHP web applications
Dominic Letarte, Francois Gauthier, Ettore Merlo, ICST 2011:289-298
Detecting Malicious Code Embedded In Documents
(May 19, 2020)

Staged Refinement For Static Analysis
(Jan 21, 2020)

Modular Points-To Analysis
(Jan 7, 2020)

Static Detection Of Context-Sensitive Cross-Site Scripting Vulnerabilities
(Jun 18, 2019)

About Oracle Labs

Projects

Team

Research Centers

External Research Office

All News

Francois Gauthier

Hardware and Software, Engineered to Work Together