Threat Detection and Defenses

Detecting and Preventing Software Issues

Generating Software Tests. Software Anomaly Detection. Secure System Architectures.


Today's mobile devices are the most personal computers ever created – not only because we have them with us for most of the time, but also because we entrust them with lots of personal information. Ensuring that these devices and their software can be trusted to work as advertised imposes major challenges. We need to devise novel concepts of testing, analyzing, and securing software systems, and we need to engineer solutions that enable these concepts in practice.


Generating Software Tests. We use machine learning and language induction techniques to automatically learn input languages for given programs. From these input languages, we can efficiently generate large numbers of software tests, which we can guide towards critical functionality or untested behavior. Our testing techniques have uncovered thousands of bugs in critical software such as Web browsers, are in daily use at companies such as Google and Microsoft, and taught to students around the world in our online test generation courses.

Software Anomaly Detection. Determining whether software behavior is desirable or not is a major challenge, especially in the absence of precise specifications. We use natural language learning techniques to associate software behavior with functionality descriptions (from user interfaces or software descriptions) in order to detect anomalies: "This app claims to be a travel app, but it actually sends sensitive information via covert messages". Once mined, such associations can also be used to improve and guide testing, as well as assess test results, as discussed above.

Secure System Architectures. Software has to be subjected to runtime constraints to mitigate unwanted, faulty, or malicious behavior. To this end, we investigate how the design of current and future system security architectures can ensure robust enforcement of security policies and data privacy through new access control solutions, information flow controls, and leveraging hardware security features. Our techniques specifically target mobile systems and critical infrastructures.