Completed Projects

EASTEND: Efficient Automatic Security Testing for Dynamic Languages

EASTEND focuses on the idea that an inherently dynamic language is best served by a dynamic approach to verification. We therefore chose to use test generation by dynamic symbolic execution (DSE) to systematically cover paths through programs and check security properties along those paths. The two main lines of work were to improve DSE for real-world JavaScript code and to develop a flexible specification methodology for security properties. more
MobSec: Malware and Security in the Mobile Age

The MobSec project explores research questions around the automatic, comprehensive, and faithful reconstruction of Android app behaviors, the reliable identification of behaviors triggered by malware embedded in benign applications, event-behavior attributions, and the simulation of complex UI interactions. more
Automated Security Testing of Webview Interfaces

The goal of this project is to develop methods for assessing the impact of insecure JavaScript interfaces in Webviews: while many functions exposed through such interfaces are harmless, some can allow an attacker to obtain or manipulate sensitive information, or even to load additional privilege escalation exploits. more

EASTEND: Efficient Automatic Security Testing for Dynamic Languages