My research focuses on assessing and improving the reliability and security of software, in particular with the help of automated tools. This requires me to cross back and forth between the fields of programming languages, software engineering, and systems security. My principal interests lie in program analysis for real-world systems, runtime monitoring and instrumentation, and specification and detection of malware.
I am / have been serving on the program committees of the following conferences and workshops.
ESSoS 2017, SPRO 2016, RV 2016, PPREW-5, ESSoS 2016 (PC member and Doctoral Symposium Chair), SPRO 2015, SAS 2014, ICST 2014, PPREW-4, EUC 2014, ICST 2013, PPREW 2013, EDCC 2012, SOFSEM 2012, SEW 2012, SEW 2011
I am lucky to be working with the following PhD students:
A main theme of the project will be mobile applications analyses to extract behavioral information necessary for effective policy enforcement and mobile malware mitigation techniques. To this end, we have recently presented CopperDroid, an approach to perform dynamic behavioral analysis of Android malware. CopperDroid presents a unified analysis to characterize low-level OS-specific and high-level Android-specific behaviors. A number of research questions including the automatic, comprehensive, and faithful reconstruction of Android apps behaviors, the reliable identification of behaviors triggered by malware embedded in benign applications, event-behavior attributions, and the simulation of complex UI interactions are still open and will be explored by MobSec.
We will further focus on detection of malicious mobile applications a particularly challenging task in the mobile landscape that largely sees malware repackaged (and embedded) in benign apps, and the enforcement of fine-grained security policies to contain malicious behaviors—abstracting away (or limiting) users involvement (as opposed to the state-of- the-art). Hardware-supported virtualization to provide efficient in-device mitigations against mobile threats.
Sponsored by a Google Faculty Research Award.
Sponsored by the Research Institute in Verified Trustworthy Software Systems and the Centre for Doctoral Training in Cyber Security.
Here are the slides of my tutorial on Symbolic Execution given at MEMOCODE/FMCAD and IIT Kanpur.
Sponsored by L3-TRL.
Vulnerabilities in software are a major security concern; when they are reported, they usually require immediate and expensive action by the affected software vendor. However, many vulnerabilities are not disclosed to the vendor but instead collected and traded by government agencies and cyber criminals alike. Even where developers may have seen warnings or bug reports by testing or static analysis, they may lack the specialized knowledge to determine whether a suspicious line of code is an exploitable vulnerability. The idea of automated exploit generation (AEG) systems promises to democratize the art of exploit writing. An AEG system can demonstrate the severity of a bug by generating a working targeted exploit, which takes control of the program and executes a payload, such as spawning a shell.
Jakstab allows to statically analyze binaries directly, without relying on any preprocessing. It integrates disassembly, control flow graph reconstruction, and abstract interpretation in a single process. Jakstab was successfully used to verify Windows device driver binaries and generate control flow graphs for Windows and Linux binaries. Because it avoids making assumptions about well-behavedness of code, its particularly good at working with unconventional and hand-written machine code. In ongoing work, Jakstab is being extended to remove obfuscation layers from malware by static analysis. Jakstab is open source and designed to be extensible by custom analysis and binary frontends. Check it out on jakstab.org.
The fastest way from central London is to take the Waterloo - Reading train and get off at Egham (37 min from Waterloo). Look up connections from anywhere in London.
From Egham station, you can either walk (20 min), take the shuttle bus (10 min, during term time), or take a taxi (5 min). Click here for a detailed map.
The college is two miles from Junction 13 of the M25. You can enter campus through the main gate at Founder's Building, but you will need to have a space reserved for you since parking is by permit only.
The nearest airport to Royal Holloway is is London Heathrow. You can take a Taxi from there to reach campus in about 15 min, or take bus 71 from Terminal 5 or bus 441 from Heathrow Central Bus Station (30-40 min).
From London Gatwick, the fastest route is to take the train to Clapham Junction and change to a Waterloo-Reading train to Egham (about 1h10 total travel time).