We conduct research on a wide range of topics on systems and Internet security to develop techniques and tools aimed at prevention and detection of cyber attacks.
We focus on vulnerability analysis and detection of web applications using static and dynamic code analysis, formal methods, and ideas from compilers and OSs
We focus on vulnerability analysis of mobile apps and mobile malware analysis
We focus on automated analysis of for-crime software to understand their behavior and build effective defenses
We investigate robust techniques to analyze and detect advanced persistent threats
CHESS: Computers and Humans Exploring Software Security
The CHESS project seeks to scale analysis of programs to find vulnerabilities, exploits, and patches with the help of human users.