Oracle Labs | Single Researcher Page

Behnaz Hassanshahi

Principal Researcher

Behnaz Hassanshahi

Behnaz Hassanshahi is a Principal Researcher at Oracle Labs Australia. In her current role, Behnaz is leading the open-source project Macaron, an analysis tool for software supply chain security. She is also working on static security analysis of Oracle Cloud Infrastructure.

In her previous project, Behnaz was the technical lead of Gelato, a Dynamic Application Security Testing (DAST) tool that analyses client-side JavaScript applications to find security vulnerabilities both at the client and server side of web applications. Gelato is now used as a product in Oracle. During the past few years, Behnaz has also explored various static and dynamic analysis as well as fuzzing techniques to analyse client-side and server-side JavaScript programs.

This is her second stint at Oracle Labs. When Behnaz worked here in 2015 as an intern in the Java Vulnerability Detection team, she designed an adaptive points-to framework that scales over OpenJDK.

After graduating from Amirkabir University of Technology (Tehran) in 2010 with a Bachelor of Science (Software Engineering), Behnaz did her PhD at the National University of Singapore. While at NUS, she was also awarded the Singapore International Graduate Award, and was a member of the Security Research Group.

Her thesis topic – Characterization, Detection and Exploitation of Injection Attacks in Android – and the security research prepared her well for her work at Oracle.

Behnaz conducts research in the area of program analysis and its intersection with computer security that will improve the security of large complex software.

Education:

* PhD in Computer Science, 2011-2016, National University of Singapore

* BSc in Software Engineering, 2006–2010, Amirkabir University of Technology

Recent and upcoming events:

USENIX Security'25 (PC member)

Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED) 2024 (PC member)

USENIX Security'24 (PC member)

USENIX Security'23 (PC member) and received a Noteworthy Reviewer award

SecDev'22 (Publicity Chair)

ISSTA'22 (PC member)

iMentor, CCS'21 (Panelist)

SCAM'21 - Engineering Track (Program Chair)

ACSAC'21 (PC member)

SCAM'20 (PC member)

ACSAC'20 (PC member)

Publications

Behnaz Hassanshahi

Principal Researcher

Publications

Macaron: A Logic-based Framework for Software Supply Chain Security Assurance

Experience: Model-Based, Feedback-Driven, Greybox Web Fuzzing with BackREST.

Experience: Model-Based, Feedback-Driven, Greybox Web Fuzzing with BackREST

Automatic Root Cause Quantification for Missing Edges in JavaScript Call Graphs

Experience: Model-Based, Feedback-Driven, Greybox Web Fuzzing with BackREST

Gelato: Feedback-driven and Guided Security Analysis of Client-side Web Applications

Poster: Unacceptable Behavior: Robust PDF Malware Detection Using Abstract Interpretation

BackREST - A Model-Based Feedback-Driven Greybox Fuzzer for Web Applications.

Women in CS panel

Unacceptable Behavior - Robust PDF Malware Detection Using Abstract Interpretation.

An efficient tunable selective points-to analysis for large codebases.

SOAP 2017 Presentation - An Efficient Tunable Selective Points-to Analysis for Large Codebases

Resources For

Partners

Emerging Technology

What’s New

Contact Us