Detection of Malware Collustion with Static Dependence Analysis on Inter-App Communication
Funded by: Defense Advanced Research Projects Agency (DARPA)
The goal of this project is to systematically characterize, analyze, and classify risky inter-component communications (ICC) and file sharing across two or multiple android applications that lead to the leak of sensitive data, the abusing of system resources, and spoofing. I am working on design techniques to detect malware collusion via the static analysis on inter-app communications, in order to identify risky communication channels across multiple applications.
Effectiveness of Code Reviews, Microsoft Research
The goal of this project is to identify the characteristics of useful code reviews. During my summer internship at Microsoft Research, I built and verified a machine learning model based on developer interviews and manual analysis to predict useful code reviews. I identified a set of factors affecting usefulness of code reviews and provided recommendations for practitioners.
Science of Security Lablet, North Carolina State University, University of Alabama
Funded by: National Security Agency (NSA)
Replication package for the Vulnerable Code Changes (VCC) study (FSE 2014)
The goal of this project is to understand the impact of various testing and inspection techniques on software security. Using a three-stage manual and automated process, we created a dataset of security vulnerabilities identified during code reviews. We identified a set of characteristics for vulnerable code changes and provided recommendations to combat those more effectively. This project has resulted in four publications to date.
Virtual Organizations as Sociotechnical Systems (VOSS), University of Alabama
Funded by: National Science Foundation (NSF)
Replication package for the social network analysis study (ESEM 2014)
The goal of this project is to understand how OSS developers collaborate and form impressions about their peers. We surveyed OSS developers, mined software repositories, and applied social network analysis techniques. We identified various benefits of peer code reviews and provided a set of recommendations for both practitioners and researchers. This project has resulted in five publications to date and two more journal papers are under preparation.
Reputation in StackOverflow, University of Alabama
The goal of this project is to understand how participants build reputation in StackOverflow, the most popular Q\&A site for developers. We mined the large scale dataset of StackOverflow to identify a set of recommendations for prospective reputation seekers. This project has resulted in one publication.