• Publications
ESP: path-sensitive program verification in polynomial time
TLDR
This paper presents a new algorithm for partial program verification that runs in polynomial time and space, and shows that property simulation scales to large programs and is accurate enough to verify meaningful properties.
RELAY: static race detection on millions of lines of code
TLDR
This work presents RELAY, a static and scalable race detection analysis in which unsoundness is modularized to a few sources and describes the analysis and results from the experiments using RELAY to find data races in the Linux kernel, which includes about 4.5 million lines of code.
SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks
TLDR
This paper presents SAFEDISPATCH, a novel defense to prevent vtable hijacking by statically analyzing C++ programs and inserting sufficient runtime checks to ensure that control flow at virtual method call sites cannot be arbitrarily influenced by an attacker.
On Subnormal Floating Point and Abnormal Timing
TLDR
A benchmark measuring the timing variability of floating point operations is developed, and the data-dependent timing of floating point operations (subnormal operands in particular) is used to demonstrate practical attacks on the Firefox browser and on the Fuzz differentially private database.
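The paper's first contribution is a benchmark of how much floating point timing depends on the operand values. The following C++ is an added example, not the paper's benchmark: it times a chain of dependent multiplies starting from a normal operand and from a subnormal one, reports the ratio, and applies the flush-to-zero mitigation (FTZ/DAZ bits in MXCSR) that removes the data-dependent slow path. It assumes GCC or Clang, and the MXCSR part assumes an SSE-capable x86 target; the slowdown itself is visible on x86 cores that handle subnormals with a microcode assist and may not appear on cores (many ARM designs) that handle them at full speed.

```cpp
#include <cfloat>
#include <chrono>
#include <cmath>
#include <cstdio>
#if defined(__SSE2__)
#include <xmmintrin.h>   // _mm_getcsr / _mm_setcsr for the FTZ/DAZ mitigation (x86 assumption)
#endif

// Subnormal (denormal): exponent field all zero, mantissa nonzero, magnitude below FLT_MIN.
bool is_subnormal(float x) { return std::fpclassify(x) == FP_SUBNORMAL; }

// Nanoseconds per multiply for a chain of dependent multiplies starting from `seed`.
// The chain alternates *0.5 and *2.0: the value returns to `seed` after each pair, so it
// stays in the same class (normal or subnormal) for the whole run, and the data dependency
// stops the compiler from reordering or vectorising the work. (x*0.5)*2.0 is not folded
// under strict IEEE semantics because it can underflow. The volatile sink keeps the result live.
double ns_per_multiply(float seed, int pairs) {
    volatile float sink = 0.0f;
    float acc = seed;
    auto t0 = std::chrono::steady_clock::now();
    for (int i = 0; i < pairs; ++i) {
        acc = acc * 0.5f;
        acc = acc * 2.0f;
    }
    sink = acc;
    auto t1 = std::chrono::steady_clock::now();
    (void)sink;
    return std::chrono::duration<double, std::nano>(t1 - t0).count() / (2.0 * pairs);
}

// Ratio of subnormal to normal multiply cost. FLT_MIN / 2 is the largest power-of-two
// subnormal float (only mantissa bit 22 set), so halving and doubling it is exact.
// On x86 with FTZ/DAZ clear this ratio is typically large; near 1 means no data-dependent path.
double subnormal_slowdown(int pairs = 1 << 20) {
    double normal    = ns_per_multiply(1.0f, pairs);
    double subnormal = ns_per_multiply(FLT_MIN / 2, pairs);
    return subnormal / normal;
}

// Mitigation: set FTZ (bit 15) and DAZ (bit 6) in MXCSR so subnormal results and operands
// are flushed to zero. This removes the operand-dependent slow path at the cost of precision
// near zero. Returns false where MXCSR does not exist (non-SSE targets).
bool enable_flush_to_zero() {
#if defined(__SSE2__)
    _mm_setcsr(_mm_getcsr() | 0x8040);
    return true;
#else
    return false;
#endif
}

int main() {
    std::printf("FLT_MIN/2 is subnormal: %d\n", is_subnormal(FLT_MIN / 2));
    std::printf("slowdown before FTZ/DAZ: %.1fx\n", subnormal_slowdown());
    if (enable_flush_to_zero())
        std::printf("slowdown after FTZ/DAZ:  %.1fx\n", subnormal_slowdown());
}
```

Run it twice, once with the mitigation and once without, to see why the attacks in the paper work: the attacker never reads the value, only how long an operation on it takes, and the slow path fires exactly when the secret-dependent value is subnormal.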
Equality saturation: a new approach to optimization
TLDR
The proposed way of structuring optimizers has a variety of benefits over previous approaches: it obviates the need to worry about optimization ordering, enables the use of a global optimization heuristic that selects among fully optimized programs, and can be used to perform translation validation, even on compilers other than the authors' own.
Staged information flow for javascript
TLDR
This work presents an information-flow based approach for inferring the effects that a piece of JavaScript has on the website in order to ensure that key security properties are not violated and describes the techniques for handling some difficult features of JavaScript.
Proving optimizations correct using parameterized program equivalence
TLDR
Parameterized Equivalence Checking (PEC), a generalization of translation validation that can prove the equivalence of parameterized programs, is presented.
Mojo: A Dynamic Optimization System
TLDR
This paper describes work that has been accomplished over the past several months at Microsoft Research to design and develop a dynamic software optimization system called Mojo, and presents implementation details for the x86 architecture -- Mojo's initial target.
An empirical study of privacy-violating information flows in JavaScript web applications
TLDR
An expressive, fine-grained information flow policy language is designed that allows one to specify and detect different kinds of privacy-violating flows in JavaScript code, and a new rewriting-based JavaScript information flow engine is implemented within the Chrome browser to mitigate the privacy threat from covert flows in browsers.
Protecting C++ Dynamic Dispatch Through VTable Interleaving
TLDR
The key insight of the approach is a new way of laying out vtables in memory through careful ordering and interleaving, which is backwards compatible with the traditional way of performing dynamic dispatch.
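Both SafeDispatch (above) and this paper protect the same point: at each virtual call site, the object's vtable pointer must be one the compiler expected for that site's static type. SafeDispatch tests membership in a per-site set of valid vtables; interleaving lays the vtables out so that the same test becomes a cheap range-and-stride check. The C++ below is an added example, not code from either paper: it simulates a vtable hijack by overwriting an object's vptr with a pointer to a forged vtable (what a heap overflow or use-after-free would achieve), and shows the set-membership form of the check rejecting the forged object. It assumes the Itanium C++ ABI as implemented by GCC and Clang (vptr stored at offset 0 of the object and pointing at the first virtual slot, `area` declared first so it occupies slot 0) and uses a GCC/Clang inline-asm barrier so the compiler cannot devirtualise the call.

```cpp
#include <cstdio>
#include <cstring>
#include <set>

struct Shape {
    virtual double area() const = 0;   // declared first: occupies vtable slot 0 (Itanium ABI)
    virtual ~Shape() = default;
};
struct Circle : Shape {
    double r;
    explicit Circle(double r) : r(r) {}
    double area() const override { return 3.14159265358979 * r * r; }
};
struct Square : Shape {
    double s;
    explicit Square(double s) : s(s) {}
    double area() const override { return s * s; }
};

// Optimisation barrier: hides the object's dynamic type from the compiler so the call below
// really goes through the vtable, as it would for an object the compiler knows nothing about.
static Shape* opaque(Shape* p) { __asm__ volatile("" : "+r"(p)); return p; }

// Read the vptr stored at offset 0 of a polymorphic object (ABI assumption stated above).
static const void* vptr_of(const Shape* obj) {
    const void* vp;
    std::memcpy(&vp, static_cast<const void*>(obj), sizeof vp);
    return vp;
}

// Vtables a call site with static type Shape* may legitimately dispatch through. SafeDispatch
// derives this set statically from the class hierarchy; here it is harvested at startup from
// one instance of each concrete class, which yields the same addresses.
static const std::set<const void*>& valid_shape_vtables() {
    static const std::set<const void*> valid = [] {
        Circle c(1.0);
        Square q(1.0);
        return std::set<const void*>{vptr_of(&c), vptr_of(&q)};
    }();
    return valid;
}

// Protected call site: dispatch only when the object's vptr is one the compiler expected.
static bool checked_area(const Shape* obj, double* out) {
    if (valid_shape_vtables().count(vptr_of(obj)) == 0) return false;   // hijack detected
    *out = obj->area();
    return true;
}

// Attacker-controlled code the forged vtable points at (stands in for a ROP gadget or shellcode).
static double attacker_payload() { return -1.0; }

// Simulate the memory corruption: replace the victim's vptr with a pointer to a forged
// vtable whose slot 0 is the payload. The forged table lives in caller-provided storage.
static void hijack(Shape* victim, const void** fake_vtable) {
    fake_vtable[0] = reinterpret_cast<const void*>(&attacker_payload);
    const void* vp = fake_vtable;
    std::memcpy(static_cast<void*>(victim), &vp, sizeof vp);
}

// True when the check accepts the untouched object and rejects it once its vptr is forged.
bool demo_check_blocks_hijack() {
    Circle c(2.0);
    Shape* s = opaque(&c);
    double a = 0.0;
    bool before = checked_area(s, &a);
    const void* fake_vtable[1];
    hijack(s, fake_vtable);
    bool after = checked_area(s, &a);
    return before && !after && a > 12.56 && a < 12.57;   // pi * 2^2 from the legitimate call
}

int main() {
    Circle c(2.0);
    Shape* s = opaque(&c);
    double a = 0.0;
    bool ok = checked_area(s, &a);
    std::printf("legitimate object: check=%d area=%.3f\n", ok, a);
    const void* fake_vtable[1];
    hijack(s, fake_vtable);
    std::printf("after hijack, unchecked call returns %.1f (attacker code ran)\n", s->area());
    ok = checked_area(s, &a);
    std::printf("after hijack, checked call: check=%d\n", ok);
}
```

The unchecked `s->area()` after the hijack is the attack both papers defend against: the load of slot 0 through the forged vptr lands in attacker_payload. The set lookup in checked_area is the correctness condition; the engineering in both papers is about making that condition cheap enough to insert at every call site, and interleaving does so by turning the set into an address range with a fixed stride.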