July 2018: We have proposed oo7 - a low-overhead (below 2%) defense against Spectre attacks based on binary analysis. Our proposed approach is now available in arxiv.1807.05843. To try oo7, send a request here.

August 2018: I do not update my personal homepage anymore. For all updates, publications and open positions, please check our ASSET Research Group website. The ASSET Group is now alive, kicking and will always be kept up-to-date.

∃ About Me

Hi, welcome to my homepage. Since January 2017, I am an Assistant Professor at the Information Systems Technology and Design (ISTD) Pillar at Singapore University of Technology and Design (SUTD).

My research interests broadly cover the area of Program Analysis, Embedded Systems and Compilers. Concretely, my goal is to understand the influence of execution platform on critical software properties, such as performance, energy, robustness and security. In my doctoral dissertation, I worked on Execution-time Predictability, with a specific focus on Multi-core Platforms. At present, I am exploring different ideas for efficient, reliable and secure execution of complex software systems. Some specific application areas include (but not limited to) cyber-physical systems, mobile applications and smart home.

Before joining SUTD, I was a post-doctoral scholar at Computer Science division in Saarbrücken, Germany. In Germany, I was affiliated with the Center for IT-Security, Privacy and Accountability (CISPA) and the Software Engineering Chair leaded by Prof. Andreas Zeller. Before coming to Germany, I was a post-doctoral researcher in the Department of Computer and Information Science in Linköping University, Sweden, where I primarily worked in the Embedded Systems Lab. I have obtained my Ph.D. in Computer Science from National University of Singapore (NUS), Singapore in 2013. Prior to my PhD study, I was working as a Research and Development Engineer in Synopsys for 1.5 years.

∃ Opening (Post-doctoral Researchers, Research Assistants and Interns)

  • @[Security and Performance Validation of Self-reconfigurable Robots] I have immediate openings to host multiple post-doctoral researchers and research assistants. The project investigates systematic design and validation of self-reconfigurable robots. Please find the details of all open positions in the project here. If interested, contact me directly with your CV.
    If you are a student at SUTD, I have several opportunities in this project. Specifically, if you are interested in implementing security technologies within robotics, then feel free to contact me. Knowledge in C/C++ programming is required. Knowledge in robotics/machine learning/cyber security is a plus, but not mandatory.

  • @[Testing and Monitoring IIoT for Security and Privacy] We recently launched the Measurement Technologies Lab (MTL), which, among other projects, introduces long-term research effort to protect the Industrial Internet-of-things (IIoT) from vicious cyber attacks. MTL is generously supported by Keysight Technologies. See the press release.
    I have immediate openings for two (2) research staffs and multiple student interns in an MTL project targeting security testing of industrial IoT (IIoT) devices. Prospective research stuffs must hold an engineering degree (bachelor or masters) in computer science, computer engineering or related fields. Prospective interns should be pursuing a degree in computer science or electronics engineering. All candidates should have interest in system security and embedded systems, and should be comfortable in dealing with large software systems (e.g. Linux kernel). Selected candidates will have the opportunity to validate their research outcome with real, physical IIoT devices. Sounds exciting? Contact me directly with your CV.
    If you are a student at SUTD and interested in investigating the security of firmware/operating systems, then feel free to contact me. Knowledge in C/C++ programming is mandatory. Knowledge in machine learning/cyber security is a plus, but not mandatory.

  • @[Securing Embedded Software against Information Leakage] I am continuously hosting visitors (including faculty members) and interns at all levels (Bachelor, Master, PhD) in the project SLICK. Contact me directly with your CV if interested.

∃ PhD Opportunities

I am actively looking for PhD students to work on several projects in cyber security (mostly in the area of internet-of-things and [distributed] robotics), software validation and next-generation embedded systems (e.g. cyber-physical systems). My core expertise is in the area of validation and verification. Specifically, I am interested in validation and optimization problems that involve a careful investigation of the entire computational stack (i.e. application, middleware and hardware). I always welcome new ideas from students as long as they are aligned to my research interest in the broadest sense. If you are interested in my research, feel free to send me your CV. For Singaporean and PR, you can send me an email to discuss PhD opportunities, as the following list for international applicants is not exhaustive for Singaporean and PR. For international applicants, the following opportunities are available immediately:

  • Apply to ISTD/SUTD PhD program. The upcoming application deadline is 28th February, 2018 .
  • Apply for SINGA sholarship. The upcoming application deadline is 1st June, 2018 .
  • Apply for SINGA sholarship in the project titled Deep Fuzzing Industrial Internet-of-things (IIoT) . This project is hosted under the SUTD-I2R Thematic Program on Industrial IoT and investigates systematic validation of IIoTs against security-related properties. Hence, while applying, kindly indicate your special preference for the program should you be interested. The upcoming application deadline is 1st June, 2018 .

All PhD positions are fully funded for four years with very attractive scholarship. If you are already at SUTD and wish to discuss research opportunities, do not hesitate to book an appointment with me.

∃ Research Interests

[NOTE] I do not find time to update the list of projects. Feel free to contact me for details.

From a broader perspective, I investigate formal as well as experimental methodologies for the analysis of software systems. Specifically, I have focused on peoperties related to performance, security and energy consumption. Currently, I am working on the following projects:

  • Testing and Quantifying Side-channel Vulnerabilities:

    Given a complex system, how do we test and quantify its vulnerability against side-channel attacks? Side-channel attacks aim to retrieve secret information from dynamic software properties, such as timing, memory-access statistics and so on. Whereas such attacks are easy to mount, its analysis poses a great challenge, as such analysis needs to systematically investigate both the hardware and software behaviour. In this project, we build techniques to validate and subsequently, strengthen software against side-channel attacks. To know more about the topic, please take a look at our following publications: MEMOCODE-2017, TACAS-2017, ICSTW-2017, ASPDAC-2016.

  • Certifying Performance and Security of Autonomous Cars and IoTs:

    How do we build models for validating complex systems such as autonomous cars, IoTs and smart home? In this newly instantiated project, we build such models and leverage such models for validating timing and security-related (e.g. information leakage) properties.

  • Verification, Validation and Optimization of Non-functional Software Properties:

    This is a rather large project with several directions. The aim of this project is to extend the foundation of software engineering for the analysis, testing, debugging and synthesis of software by taking into account its non-functional properties. To know more about the topic, please take a look at our following publications: DAC-2018, JSA-2016, SPIN-2015, EMSOFT-2014, FSE-2014, RTSS-2013.

∃ Recent Activities (always outdated)

∃ Publications

∀ Recent ∧ ∀ Selected

The rest available from DBLP, Google Scholar and My List.

∃ Recent Teaching

∃ Software

  • CHALICE: A symbolic-execution-based approach to quantify cache side-channel leakage.
  • CATAPULT: A symbolic-execution-based approach to test cache side channel.
  • CLANK: A search-based software testing tool to discover cache side-channel vulnerabilities (developed by my student Tiyash Basu).
  • GRAB: A performance debugging tool to discover and localize memory-related bottlenecks in GPGPU programs (developed by my student Adrian Horga).
  • MESS: A memory performance checker for multi-core systems.
  • Chronos for Multi-core: A Worst-case Execution Time analysis tool for multi-core systems.
  • MIPS2LLVM: A software that translates MIPS binary code to LLVM bitcode preserving both functionality and memory performance (developed by my student Moritz Beck).