Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …

Taint analysis, a form of information-flow analysis, establishes whether values from
untrusted methods and parameters may flow into security-sensitive operations. Taint …

Data flow analysis is used to discover information for a wide variety of useful applications,
ranging from compiler optimizations to software engineering and verification. Modern …

We present a scalable and precise context-sensitive points-to analysis with three key
properties:(1) filtering out of unrealizable paths,(2) a context-sensitive heap abstraction, and …

Program slicing systematically identifies parts of a program relevant to a seed statement.
Unfortunately, slices of modern programs often grow too large for human consumption. We …

Security auditing of industry-scale software systems mandates automation. Static taint
analysis enables deep and exhaustive tracking of suspicious data flows for detection of …

Dyck reachability is the standard formulation of a large domain of static analyses, as it
achieves the sweet spot between precision and efficiency, and has thus been studied …

This paper presents an in-kernel, hardware-based control-flow integrity (CFI) protection,
called PAL, that utilizes ARM's Pointer Authentication (PA). It provides three important …

JavaScript is the most popular client-side scripting language for Web applications.
Exploitable JavaScript code exposes end users to integrity and confidentiality violations …

Context-sensitivity is the primary approach for adding more precision to a points-to analysis,
while hopefully also maintaining scalability. An oft-reported problem with context-sensitive …