Research
Research Projects:
Formal Security Verification of Authentication Protocol Implementations
- Built an automated framework to transform protocol implementations written in high-level programming languages (e.g., Java, JS) into finite-state automata that can be verified against security properties expressed in a domain-specific formal specification language.
Automated and scalable vulnerability detection in SSO servers
- Developed automated security analysis to detect vulnerable implementations of authorization protocols in large server-side programs.
- Identified critical security vulnerabilities in popular service providers, including Google, GoFundMe, and 10+ open source projects.
- Discovered 8 new CVEs.
Control flow de-obfuscation using partial evaluation (collaboration with Google Android Security)
- Developed a custom p-code interpreter in Ghidra to analyze obfuscated code automatically and to give analysts the primitives they need to craft custom de-obfuscators for complex programs.
Learn and Transfer Security Knowledge Across Multiple Platforms
- Used transfer learning methods to learn and transfer security semantics across multiple programming languages (i.e., C++, Java, Python).
Automated large-scale analysis of privacy law violations by data controllers
- Built a new dataset and developed a deep active learning-based text classification model to measure compliance with GDPR in online privacy policies.
Detect and Prevent Vulnerable Single Sign-on (SSO) Implementation in Mobile Applications
- Built a query-driven static analysis tool to automatically detect OAuth bugs in apps on the Google Play Store.
Maximizing Reverse k-Nearest Neighbors for Trajectories
- Proposed and implemented a novel R-tree based pruning method to compute Reverse k-Nearest Neighbors (RkNN) for trajectories. I also proposed a generic distance function and pruning strategies to quickly compute k-NNs for large-scale trajectories.
Data Intensive Pair-wise Similarity Matching Across Fingerprints in Local Clusters
- Proposed an abstraction that uses several CPUs in a distributed way to reduce the computation and data transfer cost of large-scale pairwise object matching. I implemented an RPC-based local cluster to evaluate the model using the NIST fingerprint dataset.