Doctoral Students Win Awards at FSE 2016
Writer(s): Kristyn Childres
Two doctoral students in the Department of Computer Science won awards at the ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), a top-tier software engineering conference held November 13-18 in Seattle. Ph.D. student Jianjun Huang won the ACM SIGSOFT Distinguished Paper Award and visiting doctoral student Zhaogui Xu won the Distinguished Artifact Award. Both students were advised by Professor Xiangyu Zhang (pictured at right with Jianjun Huang).
Huang’s paper, “Detecting Sensitive Data Disclosure via Bi-directional Text Correlation Analysis,” was co-authored with Professor Xiangyu Zhang and Professor Lin Tan from the University of Waterloo. It was one of seven papers sharing the award from the 73 papers accepted from 273 submissions.
The paper presents a novel static analysis technique that detects information leak vulnerabilities of Android apps that disclose sensitive data to adversaries. It addresses the prominent limitations of existing techniques by using textual information of application UIs and constant strings in program code to recognize sensitive data, and leveraging a bi-directional type based analysis to monitor sensitive data propagation to detect if they are leaked.
Xu’s paper, “Python Probabilistic Type Inference with Natural Language Support,” was based on work done while he was visiting Purdue from 2014-2016. The paper was co-authored with Zhang, Kexin Pei (MS ’16), as well as researchers Lin Chen and Baowen Xu from China’s Nanjing University. It was one of the two papers sharing the award.
The paper develops a novel technique to statically type Python programs. The technique leverages various type hints, such as those derived from data flow, attribute accesses and variable names, but which produce uncertain results. The authors creatively formulate the problem as an inference problem on probabilistic graphic models, which are constructed from program structures. It demonstrates the synergy between learning and reasoning, and substantially outperforms a state-of-the-art type inference engine based on abstract interpretation.
Professor Zhang's current research in program analysis and mobile security has been supported in part by the Defense Advanced Research Projects Agency (DARPA), National Science Foundation (NSF), Office of Naval Research (ONR) and Cisco Systems. In particular, they are part of the ONR's learn-to-reason program, which aims to achieve synergy between machine learning, which is an uncertain process, and precise reasoning, such as program analysis.