Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States

Machine image sniping is a difficult-to-detect security vulnerability in cloud computing code. When programmatically initializing a machine, a developer must specify which machine image (operating system and file system) to use as the basis for the new machine. The developer should restrict the search to only those machine images which their organization controls: otherwise, an attacker can insert a similar but malicious image into the public database, where it might be selected instead of the image intended by the developer when initializing a new machine. We present a lightweight type and effect system that detects requests to a cloud provider that are vulnerable to an image sniping attack, or proves that no vulnerable request exists in a codebase. We prototyped our type system for Java programs that request Amazon Web Services machines, and evaluated it on more than 500 codebases, detecting 12 vulnerable requests with only 3 false positives.

Iā€™m a Ph.D. student at the University of Washington Paul G. Allen School of Computer Science & Engineering. I work in the PLSE group on lightweight software verification. My advisor is Mike Ernst.

My current work is focused on building type systems on top of the Checker Framework to solve practical problems in software engineering.

Conference Day
Tue 12 Nov

Displayed time zone: Tijuana, Baja California change

15:20 - 16:00
Poster Session: Student Research CompetitionStudent Research Competition at Kensington Ballroom
15:20
40m
Boosting Neural Commit Message Generation with Code Semantic Analysis
Student Research Competition
Shuyao JiangFudan University
15:20
40m
Toward Practical Automatic Program Repair
Student Research Competition
Ali GhanbariThe University of Texas at Dallas
15:20
40m
An Image-inspired and CNN-based Android Malware Detection Approach
Student Research Competition
Shao YangCase Western Reserve University
15:20
40m
An Approach for Investigating Emotion Dynamics in Software Development
Student Research Competition
Krishna NeupaneRochester Institute of Technology
15:20
40m
A Machine Learning based Approach to Identify SQL Injection Vulnerabilities
Student Research Competition
Kevin ZhangWayne State University
15:20
40m
Retrieve and Refine: Exemplar-based Neural Comment Generation
Student Research Competition
Bolin WeiPeking University
15:20
40m
Verifying Determinism in Sequential Programs
Student Research Competition
Rashmi MudduluruUniversity of Washington, Seattle
15:20
40m
User Preference Aware Multimedia Pricing Model using Game Theory and Prospect Theory for Wireless Communications
Student Research Competition
Krishna Murthy Kattiyan RamamoorthySan Diego State University
15:20
40m
Empirical Study of Python Call Graph
Student Research Competition
Li YuNanjing University
15:20
40m
Towards Comprehensible Representation of Controllers using Machine Learning
Student Research Competition
Gargi BalasubramaniamBirla Institute of Technology and Science, Pilani, K K Birla Goa Campus
File Attached
15:20
40m
API Design Implications of Boilerplate Client Code
Student Research Competition
Daye NamCarnegie Mellon University
15:20
40m
Compile-time detection of machine image sniping
Student Research Competition
Martin KelloggUniversity of Washington, Seattle
15:20
40m
Crowdsourced Report Generation via Bug Screenshot Understanding
Student Research Competition
Shengcheng YuNanjing University, China
File Attached

Conference Day
Wed 13 Nov

Displayed time zone: Tijuana, Baja California change

10:40 - 12:20
Student Research Competition - Selected Presentations (Graduate)Student Research Competition at South Park
Chair(s): Jie M. ZhangUniversity College London, UK, Jin L.C. GuoMcGill University
10:40
15m
Toward Practical Automatic Program Repair
Student Research Competition
Ali GhanbariThe University of Texas at Dallas
10:55
15m
Verifying Determinism in Sequential Programs
Student Research Competition
Rashmi MudduluruUniversity of Washington, Seattle
11:10
15m
An Image-inspired and CNN-based Android Malware Detection Approach
Student Research Competition
Shao YangCase Western Reserve University
11:25
15m
User Preference Aware Multimedia Pricing Model using Game Theory and Prospect Theory for Wireless Communications
Student Research Competition
Krishna Murthy Kattiyan RamamoorthySan Diego State University
11:40
15m
API Design Implications of Boilerplate Client Code
Student Research Competition
Daye NamCarnegie Mellon University
11:55
15m
Compile-time detection of machine image sniping
Student Research Competition
Martin KelloggUniversity of Washington, Seattle