Faculty Presentations 2

1:45 pm to 2:45 pm
1:45 - 2:05
"Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution"
Tevfik Bultan, Professor, Department of Computer Science, UC Santa Barbara
A crucial problem in computer security is detecting information leakage via side channels. Information gained by observing non-functional properties of program executions (such as execution time or memory usage) can enable attackers to infer secret information accessed by the program. In this talk, I will discuss how symbolic execution, combined with a model counting constraint solver, can be used for detecting and quantifying side-channel leakage in programs, and also for identifying input sequences that can be used to recover secrets. We implemented these results as an extension to the symbolic execution tool SPF using our model counting constraint solver ABC

Tevfik Bultan is a Professor in the Department of Computer Science at the University of California, Santa Barbara (UCSB). His research interests are in software verification, program analysis, software engineering, and computer security. He co-chaired the program committees of the 20th International Symposium on the Foundations of Software Engineering (FSE 2012) and the 28th IEEE/ACM International Conference on Automated Software Engineering (ASE 2013). He was the general chair of the 2017 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2017). He is currently co-chairing the Program Committee of the 41st ACM/IEEE International Conference on Software Engineering (ICSE 2019). He has been an Associate Editor of the IEEE Transactions on Software Engineering (TSE) and the ACM Transactions on Software Engineering (TOSEM). He received a NATO Science Fellowship from the Scientific and Technical Research Council of Turkey (TUBITAK) in 1993, a Regents' Junior Faculty Fellowship from the University of California, Santa Barbara in 1999, a Faculty Early Career Development (CAREER) Award from the National Science Foundation in 2000, the ACM SIGSOFT Distinguished Paper Award and the Best Paper Award at the 20th IEEE/ACM International Conference on Automated Software Engineering (ASE 2005), the ACM SIGSOFT Distinguished Paper Award at the 29th IEEE/ACM International Conference on Automated Software Engineering (ASE 2014), and the UCSB Academic Senate Outstanding Graduate Mentor Award in 2016. He was recognized as an ACM Distinguished Scientist in 2016.

"Moving Fast with High Reliability using Pluggable Types"
Manu Sridharan, Associate Professor, Computer Science and Engineering Department, UC Riverside
For large-scale mobile apps, software reliability is of critical importance. At the same time, developers need to be able to move fast in developing new features and products. In this talk, I will describe our experiences at Uber in using pluggable type systems to reduce the tension between these seemingly-conflicting needs. Pluggable type systems have many advantages for static checking: errors are understandable and reported early, build time overhead can be minimal, and type annotations serve as documentation. I will present two examples of pluggable types developed and deployed at Uber: NullAway, a novel nullability type type, and the Rx Thread Checker, which prevents certain types of Android multithreading bugs. I will describe engineering challenges in building the type systems, which code patterns they are well-suited for, and how we worked co-operatively with development teams to deploy the tools.
Manu Sridharan is an associate professor at University of California, Riverside, working in the areas of programming languages and software engineering. He received his PhD from the University of California, Berkeley in 2007, and he previously worked at IBM Research, Samsung Research, and Uber. His research has drawn on, and contributed to, techniques in static analysis, dynamic analysis, and program synthesis, with applications to security, software quality, code refactoring, and software performance. His work has been incorporated into multiple commercial and open-source products, including IBM's commercial security analysis tool, Samsung's developer toolkit for Tizen, and Uber's NullAway tool.
2:25 - 2:45
"Mining Architectural Information to Stem Technical Debt"
Nenad Medvidović, Professor, Computer Science Department, USC
Software engineers tend to document their systems’ architectures sporadically and superficially. Additionally, engineers frequently neglect to carefully consider the architectural impact of their changes to a system’s implementation. As a result, an existing system’s architecture will over time deviate from the engineers’ intent, and it will decay through unplanned introduction of new and/or invalidation of existing design decisions. Technical debt accumulates through architectural decay, increasing the cost of making modifications to a system and decreasing the system’s dependability. In this talk, I will focus on isolating three types of architectural information from the details readily available about a system’s implementation: architectural design decisions, change, and decay. I will show how this information can be used to identify the locations in a software system’s implementation that reflect the architectural decay, the points in a system’s lifetime when that decay tends to occur, and the reasons why it occurs. I will show how architectural decay tends to correlate with the occurrence of commonly reported implementation-level issues, and how it can be predicted. Finally, I will identify steps that engineers can take to manage the accumulated technical debt by stemming the decay. Data obtained by analyzing dozens of versions of several well-known systems — Android, Hadoop, Cassandra, Struts, etc. — will be used to illustrate the discussion throughout.

Nenad Medvidović is a Professor in the Computer Science Department and in the Informatics Program at the University of Southern California in Los Angeles. He is the Founding Director of the SoftArch Laboratory at USC. He has previously served as Director of the USC Center for Systems and Software Engineering and as Associate Chair for Ph.D. Affairs in USC's CS Department. Medvidović is currently serving as Editor-in-Chief of IEEE Transactions on Software Engineering. He has served as Chair of the ACM Special Interest Group on Software Engineering (SIGSOFT), and Chair of the Steering Committees for the International Conference on Software Engineering and the Symposium on the Foundations of Software Engineering. He was the Program Co-Chair of ICSE 2011. Medvidović’s research interests are in the area of architecture-based software development. Several of his papers have won "Most Influential" and "Best Paper" awards at conferences, and "Most Cited" recognitions from journals. He is a co-author of a textbook on software architectures. Medvidović is an ACM Distinguished Scientist and an IEEE Fellow.