Program Analysis
We are passionate about improving the quality of software and the productivity of developers.
Project Overview
The Program Analysis team focuses on static, instrumentation and dynamic analysis techniques to find bugs and vulnerabilities in software before the software is deployed. The team's current projects follow.
Publications
Article
ColdPress: An Extensible Malware Analysis Platform for Threat Intelligence
Haoxi Tan, Mahin Chandramohan, Cristina Cifuentes, Guangdong Bai, Ryan K. L. Ko
Conference Publication
Evaluating quality of security testing of the JDK.
Paddy Krishnan, Jerome Loh, Rebecca O'Donoghue, Larissa Meinicke
Slides
Detecting Malicious JavaScript in PDFs Using Conservative Abstract Interpretation
Alexander Jordan
Slides
SOAP 2017 Presentation - An Efficient Tunable Selective Points-to Analysis for Large Codebases
Behnaz Hassanshahi, Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Bernhard Scholz, Yi Lu
Article
Evaluating Quality of Security Testing of the JDK
Padmanabhan Krishnan, Jerome Loh, Rebecca O'Donoghue, Larissa Meinicke
In Proceedings
An Efficient Tunable Selective Points-to Analysis for Large Codebases
Behnaz Hassanshahi, Raghavendra Kagalavadi Ramesh, Padmanabhan Krishnan, Bernhard Scholz, Yi Lu
Conference Publication
Machine Learning for Finding Bugs: An Initial Report
Timothy Chappell, Cristina Cifuentes, Paddy Krishnan, Shlomo Geva
Conference Publication
Towards Scalable Provenance Generation From Points-To Information: An Initial Experiment
Padmanabhan Krishnan, Stepan Sindelar, Bernhard Scholz, Raghavendra Kagalavadi Ramesh, Yi Lu
Conference Publication
Machine Learning For Finding Bugs: An Initial Report
Timothy Chappell, Cristina Cifuentes, Padmanabhan Krishnan, Shlomo Geva
Conference Publication
Secure Information Flow by Access Control: A Security Type System of Dual-Access Labels
Yi Lu, Raghavendra Kagalavadi Ramesh, Chenyi Zhang, Padmanabhan Krishnan
Conference Publication
Improving the Scalability of Automatic Linearizability Checking in SPIN
Patrick Doolan, Graeme Smith, Chenyi Zhang, Padmanabhan Krishnan
Slides
Points-To Analysis: Provenance Generation
Stepan Sindelar, Padmanabhan Krishnan, Bernhard Scholz, Raghavendra Kagalavadi Ramesh, Yi Lu
Slides
What Went Wrong? Automatic Triage of Precision Loss During Static Analysis of JavaScript
Alexander Jordan
In Proceedings
EPA: A Precise and Scalable Object-Sensitive Points-to Analysis for Large Programs
Raghavendra Kagalavadi Ramesh, Behnaz Hassanshahi, Padmanabhan Krishnan, Bernhard Scholz, Yi Lu
Slides
Unifying Access Control & Information Flow: A Security Model for Programs Consisting of Trusted and Untrusted Code
Yi Lu, Raghavendra Kagalavadi Ramesh, Chenyi Zhang, Padmanabhan Krishnan
Journal Publication
A low-overhead, value-tracking approach to information flow security
Kostyantyn Vorobyov, Paddy Krishnan, Phil Stocks
Conference Publication
Evolutionary analysis of access control models: a formal concept analysis method
Zhuobing Han, Mathieu Mérineau, Francois Gauthier, Ettore Merlo, Xiaohong Li, Eleni Stroulia
Conference Publication
Supporting Maintenance and Evolution of Access Control Models in Web Applications
Francois Gauthier, Ettore Merlo, Eleni Stroulia, David Turner
Conference Publication
Uncovering access control weaknesses and flaws with security-discordant software clones
Francois Gauthier, Thierry Lavoie, Ettore Merlo
Conference Publication
Semantic smells and errors in access control models: A case study in PHP
Francois Gauthier, Ettore Merlo
Conference Publication
Fast detection of access control vulnerabilities in PHP applications
Francois Gauthier, Ettore Merlo
Conference Publication
Alias-aware propagation of simple pattern-based properties in PHP applications
Francois Gauthier, Ettore Merlo
Conference Publication
Targeted genetic test SQL generation for the DB2 database
Dominic Letarte, Francois Gauthier, Ettore Merlo, Nattavut Sutyanyong, Calisto Zuzarte
Conference Publication
Investigation of Access Control Models with Formal Concept Analysis: A Case Study
Francois Gauthier, Ettore Merlo
Conference Publication
Extraction and comprehension of Moodle's access control model: A case study
Francois Gauthier, Dominic Letarte, Thierry Lavoie, Ettore Merlo
PhD Thesis
A framework for reasoning about inherent parallelism in modern object-oriented languages
Andrew Craik
Conference Publication
Security model evolution of PHP web applications
Dominic Letarte, Francois Gauthier, Ettore Merlo