
Welcome to my previous homepage. After working at Northeastern for about a decade, I have moved on to join GrammaTech, Inc. The information below may as such be somewhat out of date. Naturally, I will also not take on new students at this time. I do research on various aspects of Formal Verification and Program Analysis, such as for concurrent and numeric programs; additionally on detecting and repairing security vulnerabilities of programs, such as information leaks introduced by compilers, and structural and quantitative manipulations of neural networks to influence their decision making.

Brief bio:

2011–2021: full time faculty at Northeastern University, Khoury College of Computer Sciences
2009–2011: Research Officer, Oxford University, Department of Computer Science (formerly "Computing Laboratory"), UK
2007–2009: Lecturer and Postdoc, Swiss Federal Institute of Technology (ETH), Zurich, Switzerland
2007: Ph.D., University of Texas, Austin

General research interests:

Software verification techniques, such as predicate abstraction, SAT and SMT solving, decision procedures
Infinite-state system verification, such as arbitrarily-threaded programs or distributed systems
Stability, robustness, reliability of numeric computations, particularly using floating-point arithmetic
Software analysis techniques for security verification, such as detection of information leaks (e.g. via side channels)

Past and current projects:

Resource-aware program verification using Observation Sequences:

Short version:
Verification techniques try to analyze software (or hardware) for bugs: behaviors that are unexpected, unwanted, and can cause the software to end up in an unworkable state, crash, or just compute incorrect results. This project establishes a verification method that tries to exploit the fact that many software systems are designed over a variable number of resources. Exactly how do changes (especially incremental changes) of the resource parameter affect the behavior of the software?

More details: Many systems are normally designed (consciously or not) over a variable number of certain resources, which can mean physical or logical entities. Examples of such resources include: the number of physical components of a specific functional type, the number of clients that simultaneously request a service from a server, the capacity of the communication channel between components, the number of context switches permitted among concurrent threads, the recursion nesting depth (= stack size) permitted in a piece of software.

We can expect that the behavior of the instances of the parametric design family (= the concrete designs for each parameter choice) depends on the parameter in a smooth, "continuous" way. This permits analyses of the function that maps the number of resource instances (= the parameter) to a concrete design (this function goes from the natural numbers to the design space).


More concretely, suppose k is an integral parameter of the design. With the target property P to be verified in mind, we define a function O mapping the parameter to observations about the design of size k, such that knowledge of O(k) permits a decision on whether P holds of the instance of size k. For example, the "observation" could simply be the set of states reachable in the system of size k.

In general, we require of function O that it be monotone: more resources means more system behaviors (observations). This is almost always the case provided the value of k is not accessible in the program defining a system instance's behavior. (If it is, the dependence on k can be arbitrary, making analysis against unbounded k in general impossible.)

We now analyze the system design for increasing values of k. Due to monotonicity of O, consecutive observation sets O(k) are in some sort of ≤ relationship. This begs the question whether the function O converges at some parameter point k0, i.e. whether it stops increasing after reaching k0. If so, the truth value of property P has stabilized, i.e. unless we have detected a violation of P up to this point, we have proved the property for all parameter instances.

We have applied the Observation Sequence paradigm to the undecidable problem of analyzing reachability for concurrent procedures communicating via global-scope variables. Our technique is dubbed CUBA (Context-UnBounded Analysis). A webpage with downloads and many other resources can be found here.

We have also applied this paradigm to unbounded-queue message passing systems written in the P language, such as distributed communication protocols. The resource page for this project is here.

I am also fortunate to work with a team of Northeastern undergraduates, Andrew Dai and Andrew Johnson, who are helping me expand the scope of this technique.
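As an added illustration of the observation-sequence idea above (not CUBA and not code from this project), the sketch below takes k to be the number of context switches allowed between two finite-state threads sharing a variable x, and takes O(k) to be the set of reachable values of x. The toy threads, CAP and all function names are assumptions made for the example.

```python
from typing import FrozenSet, List, Set, Tuple

State = Tuple[int, int]   # (shared variable x, id of the thread currently running)
CAP = 4                   # constructed bound that keeps the toy system finite

def step(x: int, tid: int) -> List[int]:
    """Thread 0 increments x when x is even, thread 1 when x is odd."""
    return [x + 1] if x < CAP and x % 2 == tid else []

def run_to_completion(seeds: Set[State]) -> Set[State]:
    """Close a state set under steps of the running thread (no context switch)."""
    seen, work = set(seeds), list(seeds)
    while work:
        x, tid = work.pop()
        for nx in step(x, tid):
            if (nx, tid) not in seen:
                seen.add((nx, tid))
                work.append((nx, tid))
    return seen

def observation_sequence(max_k: int = 50) -> Tuple[int, List[FrozenSet[int]]]:
    """Return (k0, [O(0), ..., O(k0)]), where the full state set stops growing at k0."""
    states = run_to_completion({(0, 0), (0, 1)})      # k = 0: either thread runs first
    obs = [frozenset(x for x, _ in states)]
    for k in range(1, max_k + 1):
        switched = {(x, 1 - tid) for x, tid in states}  # spend one more context switch
        nxt = states | run_to_completion(switched)
        # The set for bound k is computed only from the set for bound k-1, so
        # equality is a fixpoint: no larger bound can add behaviour. A plateau of
        # the coarser observation O(k) alone would not justify stopping.
        if nxt == states:
            return k - 1, obs
        states = nxt
        obs.append(frozenset(x for x, _ in states))
    raise RuntimeError("no convergence within max_k")

def holds_for_all_k(bad: int) -> bool:
    """Decide P = 'x never equals bad' for every context-switch bound at once."""
    _, obs = observation_sequence()
    return all(bad not in o for o in obs)

if __name__ == "__main__":
    k0, obs = observation_sequence()
    print("converged at k0 =", k0, [sorted(o) for o in obs])
    print("x != 5 for all k:", holds_for_all_k(5))
```
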

Platform dependencies of floating-point programs:

Short version:
The precise semantics of floating-point arithmetic programs, i.e. the values they compute, depends not only on the input but also on the behavior of the compiler and on the target hardware. Such dependencies infringe on the highly desirable goal of software portability: the same program run on the same inputs on different platforms can produce different results. We are investigating the consequences of these dependencies for numeric programs in general, and for the trustworthiness of floating-point compilers.
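An added example (not code from this project) of one source expression producing different results, and different branches, on two platforms: a quadratic discriminant evaluated with every operation rounded, and again as it would be on a platform that contracts the multiply and subtract into a fused multiply-add. The FMA is emulated with exact rational arithmetic; the function names and sample inputs are constructed for the illustration.

```python
from fractions import Fraction

def disc_strict(a: float, b: float, c: float) -> float:
    """b*b - 4*a*c with every intermediate result rounded to double."""
    return b * b - 4.0 * a * c

def disc_contracted(a: float, b: float, c: float) -> float:
    """Same source expression on a platform that fuses b*b - t into one
    multiply-add: the product stays exact, only the final result is rounded.
    Exact rational arithmetic stands in for the hardware FMA (assumption)."""
    t = 4.0 * a * c
    return float(Fraction(b) * Fraction(b) - Fraction(t))

def branch(d: float) -> str:
    """The control-flow decision a root solver makes on the discriminant."""
    if d > 0:
        return "two real roots"
    return "double root" if d == 0 else "no real roots"

def platform_dependent(a: float, b: float, c: float):
    """Return (strict branch, contracted branch) if they differ, else None."""
    s = branch(disc_strict(a, b, c))
    f = branch(disc_contracted(a, b, c))
    return (s, f) if s != f else None

def unstable_inputs(inputs):
    """Filter the inputs whose control flow depends on the evaluation model."""
    return [abc for abc in inputs if platform_dependent(*abc) is not None]

# Constructed inputs: the second is built so that 4*a*c equals the rounded b*b.
B = 1.0 + 2.0 ** -27
SAMPLES = [(1.0, 3.0, 2.0), (1.0, B, (B * B) / 4.0), (1.0, 2.0, 1.0)]

if __name__ == "__main__":
    for abc in unstable_inputs(SAMPLES):
        print(abc, platform_dependent(*abc))
```
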


More details: We are working on a way to evaluate the "damage", in terms of precision, that compiler optimizations cause to floating-point programs. Since floating-point arithmetic expression semantics is very sensitive to the evaluation order (e.g., the addition operation is not associative), expression rewriting generally alters the value computed, at least for some inputs. This causes runtime optimizers to produce code that is not I/O identical to the original, violating one of the basic principles of code optimization.

In many cases, the effect on the computed value is marginal, but not in all. How can we detect such cases, how can we decide whether the optimization is "worth it" compared to the change in output value, and how can we perhaps even repair the optimizer, so that it produces accurate yet runtime-optimized code?

Earlier we developed a technique that can partially fix numeric instability against platform changes, making numeric programs much more robust. This is in principle easy, by instructing the compiler to evaluate every expression following a "strict" evaluation model, such as "left-to-right", and to ignore any platform-specific precision- or efficiency-enhancing features, such as contracted operations, custom floating-point division routines, etc., across the whole program. Yet numeric instability is often caused only by a few critical program fragments; we don't want to take away the compiler's freedom to optimize the code that does not contribute (much) to instability. Our method first identifies what these critical fragments are, and then stabilizes them, within the smallest-possible scope, leaving the compiler free to manipulate other portions of the code.

Yet previously we looked at platform-dependent program differences that lead to changes in the control flow of a program. Such differences seriously affect the portability of numeric code.
We developed a method that takes a numeric procedure and determines whether a given input may cause the procedure to take different branches, based merely on the floating-point platform on which it is compiled and executed. This method can be used in static and dynamic analyses of programs, to estimate their numeric stability. A project webpage can be found here.

Software analysis techniques are arguably underused in securing a program against vulnerabilities such as information leaks. The techniques that do exist typically operate at the source code level, which has proven somewhat effective at detecting leaks. For software side-channel attacks, which try to gain access to passwords or other secret data by exploiting fine-grained information about the power or time consumption of program runs, source code level approaches are not reliable in actually verifying security properties. The reason is that the program undergoes many transformations during compilation, such as due to code optimizations, register allocation, and even runtime instruction scheduling, all of which have security ramifications. Such transformations are of course not visible, often not even predictable, at the source code level. Classical static analysis techniques thus offer a false sense of security.

This problem is well known in verification yet has recently received a substantial amount of attention in the wake of processor-level side-channel leaks such as Meltdown and Spectre. In this project we investigate various instances of this problem. Our goals are to detect them, to fix them, and—if possible—to prove that particular leaks are not possible, independent of how the compiler turns the program into an executable.

I am grateful for the support of Maggie van Nortwick and Owen Loveluck, two strong undergraduates at Northeastern, in this project.

Protecting Confidentiality and Integrity of Deep Neural Networks against Side-Channel and Fault Attacks

Short version:
Deep learning has become a foundational means for solving societal challenges. Security of the deep neural networks' (DNN) inference engines, and of DNN training data, has become a big challenge in deploying artificial intelligence. This project aims at investigating both confidentiality (secrecy) breaches and integrity breaches (malicious manipulations) of DNNs themselves, or their inference processes.


Sample question 1: how can we reverse-engineer structural and quantitative parameters of neural networks whose internals are intended to be confidential? One option is to observe the behavior of the DNN on specialized inputs. These might be inputs that cause the DNN inference to take unusually long (a timing side channel), or cause the computation to raise particular observable exceptions.

Sample question 2: how can we manipulate a DNN running on a local device (e.g. by physically altering the device's circuitry) in a way that adversely affects its execution? We plan to use rigorous tools such as mathematical formula solvers to determine how the logic of the DNN needs to be altered to achieve a specific behavioral change. Such computations help us assess the vulnerability of the DNN against fault attacks.

Research sponsors: