Research themes
My Ph.D. work explored static and runtime analysis of Java applications for finding security vulnerabilities. Since then, the space of my research interests has expanded quit a bit.
Security
Security is in the limelight a lot these days. One of my key interests is web application security as well as mobile security. Much of my research takes a language-based approach to enforcing desirable security properties via a combination of static analysis, runtime enforcement, and so forth. A lot of my work focuses on detecting malware, especially |
[DSN 2016] [Usenix Security 2014] [PLDI 2014] [PLDI 2013] [POPL 2013] [POPL 2013] [Oakland Security 2012] [Usenix Security 2011] [Usenix Security 2011] [CCS 2011] [Oakland 2011] [Oakland 2010]
Privacy
Privacy is increasingly important in today's connected society. Over the last several years one observes a shift to cloud-based services that entice the user to move their data into the cloud, where the issues of data governance are often not well understood. Much of my work in this space has focused on creating attractive browser-based and mobile mechanisms that give the user a more attractive level of privacy without compromising the functionality. In fact, in some cases, it is entirely possible to design services that are both more |
[Oakland 2015] [CHI 2014] [Usenix Security 2013] [Usenix Security 2013] [PETS 2012] [Oakland 2011]
Program Analysis
I have a broad interest in analyzing programs to discover bugs and propose fixes. The need for program analysis, as well as static, and runtime reasoning arises in a number of settings, such as checking apps that are submitted to an app store (e.g. Apple's App Store or Windows Marketplace). I have developed static analyzers for languages including C, C++, Java, C#, and, most recently, JavaScript. We have explored the tradeoffs between fully sound analysis and less sound, yet practical analysis, coining the term |
[CACM'15] [OOPSLA 2014] [POPL 2012] [FSE 2013] [APPROX'14] [WebApps 2010] [WebApps 2010] [SOCC 2010]
Performance
Given that we are no longer getting significantly faster hardware every year, optimizations are important again. Optimizing programs in a meaningful way is a difficult task. In some domains, such as browsers and their JavaScript runtimes, the competition for performance between runtime vendors is extremely keen. Over the years, we have studied where execution time goes, how to make representative performance benchmarks, how to make programs run faster, and even how to do effective code compression. We have applied optimization ideas and techniques to areas such as optimizing web sites, client-side JavaScript code, dataflow programs in the cloud or programming large scale surveys. I am interested in making web and mobile applications run faster, without consuming too much energy. |
[POPL 2015] [OOPSLA 2014] [Usenix Security 2014] [SOCC 2010] [TWEB 2010]
Crowd-sourcing
Some tasks are better done by machines, while others are better relegated to humans. Today, one has access to a wide on-demand audience of |
Augmented reality
Over the past several years we have explored how to build augmented reality platform and applications. These include the first |
[Oakland 2016] [Oakland 2015] [Usenix Security 2013] [HotOS 2013] [MSR-TR-2014-146]