William Klieber
Software Engineering Institute
Will Klieber is a software security researcher in the SEI's CERT Division focusing on the area of automated code repair. He has led a small team to design and implement a static analysis and program transformation to automatically repair certain classes of integer overflow that lead to buffer overflow. Klieber currently leads an effort to develop automated techniques for repairing C programs to enable a proof of memory safety. Prior to joining CERT, Klieber was a doctoral student at the Carnegie Mellon School of Computer Science where he focused on the area of formal verification, specifically on Quantified Boolean Formulas (QBF) and their application to verification of hardware and software.
Publications by William Klieber
-
Semantic Equivalence Checking of Decompiled Binaries
November 11, 2022 • Presentation
William Klieber
This project was launched to develop and implement techniques for automated semantic-equivalence checking.
read -
Preview of Semantic Equivalence Checking of Decompiled Binaries
November 07, 2022 • Video
William Klieber
This short video provides an introduction to a research topic presented at the SEI Research Review 2022.
watch -
Combined Analysis for Source Code and Binary Code for Software Assurance
November 07, 2021 • Presentation
William Klieber
This research highlights how to increase software assurance of binary components by analyzing and repairing functions.
read -
Combined Analysis for Source Code and Binary Code for Software Assurance
November 04, 2021 • Video
William Klieber
This short video provides an introduction to a research topic presented at the SEI Research Review 2021.
watch -
SCAIFE and ACR: Static Analysis Classification and Automated Code Repair
September 15, 2021 • Presentation
Lori Flynn, William Klieber
Flynn and Klieber describe their research and concept for a combined system for static analysis classification and automated code repair.
read -
Automated Code Repair to Ensure Spatial Memory Safety
June 01, 2021 • Presentation
William Klieber, Ruben Martins, Ryan Steele
In this presentation, the authors discuss a technique for repairing C code to protect against potential violations of spatial memory safety.
read -
Static Code Analysis Classification
December 15, 2020 • Video
Lori Flynn, William Klieber, Robert Schiela
Progress in research toward the rapid adjudication of static analysis alerts during continuous integration
watch -
Automated Code Repair for Memory Safety
December 15, 2020 • Video
William Klieber, Lori Flynn, Robert Schiela
Work aims to develop a technique to eliminate security vulnerabilities at a lower cost than manual repair
watch -
Automated Code Repair to Ensure Memory Safety for Source and Binary
November 03, 2020 • Presentation
William Klieber
This presentation describes an automated technique developed to repair C source code to eliminate memory safety vulnerabilities.
read -
Poster - Automated Code Repair to Ensure Memory Safety (2020)
November 03, 2020 • Poster
William Klieber
This poster describes an automated technique to repair C source code to eliminate memory safety vulnerabilities.
read -
Automated Code Repair to Ensure Memory Safety (video)
November 11, 2019 • Video
William Klieber
Watch SEI principal investigator Dr. Will Klieber discuss research to design and implement a technique to automatically repair all potential violations of memory safety in the source code so that the program is provably memory-safe.
watch -
Automated Code Repair to Ensure Memory Safety (2019)
October 28, 2019 • Presentation
William Klieber
This presentation describes an approach to automatically repair source code to assure memory safety.
read -
Automated Code Repair to Ensure Memory Safety (2019)
October 28, 2019 • Poster
William Klieber
This poster illustrates research to develop automated techniques to repair C source code.
read -
Automated Code Repair to Ensure Memory Safety in C Source Code (2019)
October 28, 2019 • Poster
William Klieber
This is a poster reflecting research to automatically repair C source code to eliminate memory-safety vulnerabilities.
read -
Automated Code Repair to Ensure Memory Safety (2018)
October 23, 2018 • Poster
William Klieber
This poster describes a technique for automatically repairing potential violations of memory safety so that the program is provably memory-safe.
read -
Detecting Leaks of Sensitive Data Due to Stale Reads
October 05, 2018 • Conference Paper
William Snavely, William Klieber, Ryan Steele
This paper introduces a heuristic-driven dynamic analysis that aims to detect reads that may be accessing stale sensitive data.
read -
Practical Precise Taint-flow Static Analysis for Android App Sets
August 27, 2018 • White Paper
William Klieber, Lori Flynn, William Snavely
This paper describes how to detect taint flow in Android app sets with a static analysis method that is fast and uses little disk and memory space.
read -
SEI Cyber Minute: Preventing the Next Heartbleed
December 08, 2017 • Video
William Klieber
Watch Will Klieber in this SEI Cyber Minute as he discusses "Inference of Memory Bounds: Preventing the Next Heartbleed".
watch -
Inference of Memory Bounds
October 30, 2017 • Presentation
William Klieber
Presentation on research to develop an algorithm to automatically infer the bounds of memory regions
read -
Inference of Memory Bounds
October 30, 2017 • Poster
William Klieber
Poster on research to develop an algorithm to automatically infer the bounds of memory regions
read -
DidFail: Coverage and Precision Enhancement
July 06, 2017 • Technical Report
Karan Dwivedi (No Affiliation), Hongli Yin (No Affiliation), Pranav Bagree (No Affiliation)
This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps.
read -
SEI Cyber Minute: Automated Code Repair
April 28, 2017 • Video
William Klieber
Watch Will Klieber in this SEI Cyber Minute as he discusses "Automated Code Repair".
watch -
Automated Code Repair Based on Inferred Specifications
November 03, 2016 • Conference Paper
William Klieber, William Snavely
In this paper, the authors describe automated repairs for three types of bugs: integer overflows, missing array bounds checks, and missing authorization checks.
read -
Automated Code Repair
November 01, 2016 • Presentation
William Klieber
Work aims to develop a technique to eliminate security vulnerabilities at a lower cost than manual repair
read -
Automated Code Repair
October 18, 2016 • Poster
William Klieber
Integer overflow in calculations related to array bounds or indices is almost always a bug
read -
Using DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps
November 30, 2015 • Webinar
Lori Flynn, William Klieber
Will Klieber and Lori Flynn discuss undesired flows of sensitive information within and between Android apps.
watch -
Smartphone Security
October 01, 2015 • Article
Lori Flynn, William Klieber
In this article, published in IEEE Pervasive Computing, the authors discuss various smartphone security issues and present tools and strategies to address them.
read -
Using DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps
June 24, 2015 • Presentation
William Klieber, Lori Flynn, Amar S. Bhosale (Carnegie Mellon Heinz School)
In this presentation, the authors describe how to use DidFail, a tool that detects potential leaks of sensitive information in Android apps.
read -
Making DidFail Succeed: Enhancing the CERT Static Taint Analyzer for Android App Sets
March 04, 2015 • Technical Report
Jonathan Burket, Lori Flynn, Will Klieber
In this report, the authors describe how the DidFail tool was enhanced to improve its effectiveness.
read -
Android Taint Flow Analysis for App Sets
June 12, 2014 • Presentation
Will Klieber, Lori Flynn, Amar S. Bhosale (Carnegie Mellon Heinz School)
In this presentation at the SOAP 2014 workshop, the authors describe their taint flow analysis for Android applications.
read -
Android Taint Flow Analysis for App Sets
May 07, 2014 • Conference Paper
Will Klieber, Lori Flynn, Amar S. Bhosale (Carnegie Mellon Heinz School)
This paper describes a new static taint flow analysis that precisely tracks both inter-component and intra-component data flow in a set of Android applications.
read -
Mobile SCALe: Rules and Analysis for Secure Java and Android Coding
November 08, 2013 • Technical Report
Lujo Bauer (Carnegie Mellon University, Department of Electrical and Computer Engineering), Lori Flynn, Limin Jia (Carnegie Mellon University, Department of Electrical and Computer Engineering)
In this report, the authors describe Android secure coding rules, guidelines, and static analysis developed as part of the Mobile SCALe project.
read