Postdoc at Carnegie Mellon University in the VeriS group at the Silicon Valley campus.

Research

My research interest is software analysis in the broad sense: automated techniques to establish program properties such as functional correctness, safety, security and efficiency. In particular, I am interested in analysing consumption of resources such as time, memory and energy.

Currently, I work on the ISSTAC project, sponsored by the DARPA STAC program. Here, I apply resource analysis in the search for vulnerabilities to algorithmic-complexity-based attacks (Denial-of-Service). If a certain input causes a software system to consume an impractically large amount of resources, an adversary could use this input to deny service to benign users or otherwise disable the system. My research aims to identify such vulnerabilities in a semi-automated manner.

Before joining CMU-SV, I was affiliated with the Open University of the Netherlands and Radboud University Nijmegen, where I did my PhD, advised by Marko van Eekelen. During my PhD, I developed various software analysis methods for resource-sensitive systems, including a loop-bound analysis, heap and stack analysis and a technique that analyses energy consumption of hybrid systems where hardware is controlled by software. Such technologies can increase system safety and reliability by preventing resource-related crashes, strengthen security by detecting vulnerabilities at compile-time and aid program optimization for performance or efficiency.

Contact

NASA Research Park
Building 19, Room 1006
Moffett Field, CA 94035

Tools

Kelinci, an interface for running AFL on Java programs.
JayHorn, a Horn-based verification tool for Java.
SPF-WCA, infers algorithmic complexity of Java methods. Based on Symbolic PathFinder.
ECAlogic, energy analysis of software-controlled systems.
ResAna, heap, stack and loop-bound analysis for Java.

Publications

Scientific peer-reviewed publications

Technical reports

Non-scientific

Poster presentations

PhD Thesis