• In this project we explore techniques beyond those in the Program Analysis domain, to find bugs and vulnerabilities, as well as ways of preventing such bugs and vulnerabilities from happening in the first instance, through Secure Languages.

    What we are doing

    1. We explore Fuzzing techniques to find vulnerabilities in JS applications
    2. We explore Machine Learning techniques to find bugs in C applications. There are two high level steps. Step one is feature selection/extraction including manually specified features and the extraction of features from recurrent neural networks. Step two is to identify off-the-shelf learning models for bug detection. We are currently experimenting with support vector machines (SVM), Gradient Boost Tree (GBT), and naive Bayseian classifier (NBC).
    3. We explore Secure Languages and secure abstractions, and their applications to commercial codebases

    To find out more, contact Cristina Cifuentes.




  • May - Dec 2017: Xingzhong Du, The University of Queensland
  • Sep 2017- Jan 2018: Aaron Craig, Victoria University of Wellington, NZ


  • Dec 2016 - Feb 2017: Chris Gage, Summer Intern, Queensland University of Technology
  • Feb - Nov 2016: Timothy Chappell, Visiting Postdoc, Queensland University of Technology