Basic information
Biography
My core research interest is in system security, at the intersection of software/web security, software engineering and programming languages. One of the central goals of my research group is to directly contribute to the open-source ecosystem: either by building tools that can be used by practitioners or by uncovering security vulnerabilities in real systems/projects. Below are the most important themes of my research:
Server-side JavaScript security: in USESEC2019 we analyze in detail the threats in the npm ecosystem, in NDSS2018 we study injection vulnerabilities in the ecosystem and propose a way to defend against them, in USESEC2018 we show that vulnerabilities in npm libraries affect real websites, and in ICSE2020 we propose automatically extracting taint specifications for npm packages.
Client-side (web) security: in USESEC2019 we show how authenticated cross-origin image requests enable targeted tracking, and in TheWebConf2019 we study the prevalence of minified and obfuscated JavaScript code on the web and discuss.
Lightweight program analysis for vulnerability detection: in PLAS@CCS 2019 we study the impact of considering implicit flows in information flow analysis for vulnerability detection, in NDSS2018 we use intra-procedural data flow analysis for detecting injection vulnerabilities in npm packages, in ICSE2020 we employ taint analysis for specification extraction, and in CSUR2017 we survey the main challenges for JavaScript dynamic program analysis.
Novel software engineering use cases for existing unit tests: in ASE 2017 we propose using constants in existing unit tests for boosting the performance of automatic test generation, and in ICSE2020 we advocate using existing unit tests for extracting taint specifications.
Applied machine learning: in TheWebConf2019 we use unsupervised machine learning for automatic source code classification, and in ASE 2017 we use more lightweight, statistical techniques for augmenting state-of-the-art automatic test generation.
Papers: 4 in total
2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE), pp. 1063-1073 (2016)