Behnaz Hassanshahi is a Principal Researcher at Oracle Labs Australia. In her current role, Behnaz is leading project Macaron, a supply chain security analysis tool for open source projects. She is also working on static security analysis of Oracle Cloud Infrastructure.

In her previous project, Behnaz was the technical lead of Gelato, a Dynamic Application Security Testing (DAST) tool that analyses client-side JavaScript applications to find security vulnerabilities both at the client and server side of web applications. Gelato is now used as a product in Oracle. During the past few years, Behnaz has also explored various static and dynamic analysis as well as fuzzing techniques to analyse client-side and server-side JavaScript programs.

This is her second stint at Oracle Labs. When Behnaz worked here in 2015 as an intern in the Java Vulnerability Detection team, she designed an adaptive points-to framework that scales over OpenJDK.

After graduating from Amirkabir University of Technology (Tehran) in 2010 with a Bachelor of Science (Software Engineering), Behnaz did her PhD at the National University of Singapore. While at NUS, she was also awarded the Singapore International Graduate Award, and was a member of the Security Research Group.

Her thesis topic – Characterization, Detection and Exploitation of Injection Attacks in Android – and the security research prepared her well for her work at Oracle.

Behnaz conducts research in the area of  program analysis and its intersection with computer security that will improve the security of large complex software.

Education:

* PhD in Computer Science, 2011-2016, National University of Singapore

* BSc in Software Engineering, 2006–2010, Amirkabir University of Technology

Recent and upcoming events:

USENIX Security'23 (PC member)

SecDev'22 (Publicity Chair)

ISSTA'22 (PC member)

iMentor, CCS'21 (Panelist)

SCAM'21 - Engineering Track (Program Chair)

ACSAC'21 (PC member)

SCAM'20 (PC member)

ACSAC'20 (PC member)