I recently work on designing and implementing algorithms and building tools for software side channel analysis as part of the project that is funded by The Space/Time Analysis for Cybersecurity (STAC) program of DARPA. My current work spans research topics such as model counting, constraint solving, symbolic execution, and software security. Previously, I worked on analysis of web applications (JS, PHP) using automata based symbolic string execution techniques to automatically find and fix security related vulnerabilities. I worked on privacy threat detection and prevention on mobile platforms using dynamic analysis techniques (Android).
Other than research and development, I enjoy playing soccer, surfing (need more practice), traveling around, and exploring new places with my wife Yasemin.
for vulnerability analysis on modern applications
software side channel analysis, string analysis, complexity analysis
bug discovery/fixing, test case generation, software security
optimizations, execution environments, domain specific languages
Springer 2017, ISBN 978-3-319-68668-4, pp. 1-166 (e-book)
To be appear in The 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018).
Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017).
To be appear in The 20th International Conference on Fundamental Approaches to Software Engineering (FASE 2017).
The 24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2016), Seattle, Washington, USA, November 13-18, 2016.
Proceedings of the 27th International Conference on Computer Aided Verification, Part 1 (CAV 2015), pages 255-272, San Francisco, California, USA, July 18-24, 2015.
Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015), pages 61-72, Bergamo, Italy, Sep 02-04, 2015.
Proceedings of the 2014 International Symposium on Software Testing and Analysis (ISSTA 2014), pages 225-236, San Jose, California, USA, July 21-25, 2014.
Proceedings of the 7th International Conference on Software Testing, Verification and Validation (ICST 2014), pages 193-202, Cleveland, Ohio, USA, March 31-April 4, 2014.
The 37th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI 2016), Santa Barbara, CA, USA, June 13-17, 2016.
ABC is an automata-based model counting constraint solver. It is the only model counter that supports string theory and linear integer arithmetic theory simultaneously. ABC has many applications, including but not limited to, probabilistic symbolic execution, quantitative information flow analysis, test case generation, automated repair, vulnerability analysis, string analysis. Please see our CAV'15 publication for theoritical details. Currently, we are writing a paper on improvements and additions to ABC.
PAC analyzes your code and extracts a theoretical bound on worst case path complexity of your code. There is an online demo available!. PAC currently supports analysis of Java programs and can be extended to any programming language. Please see our ESEC/FSE'15 publication for theoretical details. We are working on improving PAC with inter-procedural analysis.
SemRep analyzes and repairs validation and sanitization functions against each other. The tool does not need any manual specification or intervention. It takes two functions as Dependency Graphs then it looks for differences in validation and sanitization operations for string variables. If a difference is found, the tool suggests a set of three patch functions that can be used to fix the difference. Please see our ISSTA'14 publication for theoretical details.