Software Engineering Institute | Carnegie Mellon University

Digital Library

William Klieber
October 2018 - Poster: Automated Code Repair to Ensure Memory Safety

Authors: William Klieber

This poster describes a technique for automatically repairing potential violations of memory safety so that the program is provably memory-safe.

October 2018 - Conference Paper: Detecting Leaks of Sensitive Data Due to Stale Reads

Topics: Secure Coding

This paper introduces a heuristic-driven dynamic analysis that aims to detect reads that may be accessing stale sensitive data.

August 2018 - White Paper: Practical Precise Taint-flow Static Analysis for Android App Sets

Topics: Secure Coding

This paper describes how to detect taint flow in Android app sets with a static analysis method that is fast and uses little disk and memory space.

December 2017 - Video: SEI Cyber Minute: Preventing the Next Heartbleed

Authors: William Klieber

Watch Will Klieber in this SEI Cyber Minute as he discusses "Inference of Memory Bounds: Preventing the Next Heartbleed".

October 2017 - Presentation: Inference of Memory Bounds

Topics: Secure Coding

Authors: William Klieber

Presentation on research to develop an algorithm to automatically infer the bounds of memory regions.

October 2017 - Poster: Inference of Memory Bounds

Topics: Secure Coding

Authors: William Klieber

Poster on research to develop an algorithm to automatically infer the bounds of memory regions.

July 2017 - Technical Report: DidFail: Coverage and Precision Enhancement

Topics: Secure Coding

This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps.

April 2017 - Video: SEI Cyber Minute: Automated Code Repair

Authors: William Klieber

Watch Will Klieber in this SEI Cyber Minute as he discusses "Automated Code Repair".

November 2016 - Conference Paper: Automated Code Repair Based on Inferred Specifications

Topics: Secure Coding

In this paper, the authors describe automated repairs for three types of bugs: integer overflows, missing array bounds checks, and missing authorization checks.

November 2016 - Presentation: Automated Code Repair

Authors: William Klieber

This work aims to develop a technique to eliminate security vulnerabilities at a lower cost than manual repair.

October 2016 - Poster: Automated Code Repair

Authors: William Klieber

Integer overflow in calculations related to array bounds or indices is almost always a bug.

November 2015 - Webinar: Using DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps

Topics: Cyber Risk and Resilience Management, Cybersecurity Engineering, Network Situational Awareness

Will Klieber and Lori Flynn discuss undesired flows of sensitive information within and between Android apps.

October 2015 - Article: Smartphone Security

Topics: Secure Coding

In this article, the authors discuss various smartphone security issues and present tools and strategies to address them.

March 2015 - Technical Report: Making DidFail Succeed: Enhancing the CERT Static Taint Analyzer for Android App Sets

Topics: Secure Coding

In this report, the authors describe how the DidFail tool was enhanced to improve its effectiveness.

May 2014 - Conference Paper: Android Taint Flow Analysis for App Sets

Topics: Secure Coding

This paper describes a new static taint flow analysis that precisely tracks both inter-component and intra-component data flow in a set of Android applications.