|
My area of research is software engineering, with emphasis on
software testing and analysis. My interests include development of
techniques for improving software reliability, security, and
trustworthiness, and the validation of such techniques on real
systems.
I'm currently working on three main projects, discussed
below. Representative papers are available on my publications page.
-
Testing and Analysis of Deployed
Software (sponsored by NSF). One of the limitations of
traditional quality-assurance approaches is that they assess the
software in-house, on developers' platforms, on a limited number of
configurations, and using developer's provided workloads. As a
consequence, the behavior they exercise is often not representative of
how the software will perform in the field. This is especially true
with today's software, which is increasingly commoditized and
configurable and must operate on rich and heterogeneous environments;
increasingly complex software can behave very differently in different
environments and configurations, and it is difficult to assess its
quality outside the actual time and context in which it executes. To
address this limitation, my research investigates ways of leveraging
the increasing connectivity and computational power of user machines
to collect data from fielded software systems and use such data to
help improve software quality. My recent work in this area focuses on
three main themes: remote data collection, program-behavior
classification, and record and replay techniques.
-
Testing of Evolving Software
(sponsored by NSF, IBM,
and Microsoft).
Successful software is corrected, adapted, and enhanced to provide new
functionality throughout its lifetime. Regression testing, which is
the re-testing of a system as it evolves, is performed on each release
and is one of the most expensive maintenance activities. My research
in the area of regression testing focuses mainly on the problems of
regression test selection and test suite augmentation. Regression
Test Selection (RTS) consists of selecting a subset of an existing
test suite that does not need to be rerun on the new version of a
program, with the goal of saving testing effort RTS techniques can
improve the efficiency of regression testing, but they are not
concerned with the effectiveness of existing test suites in testing
changed software. To address this issue, my research also
investigates approaches for test suite augmentation: assessing
whether a test suite adequately exercises the effects of changes
performed on the software and, if not, suggesting how to augment the
test suite.
-
Web Application Security and
Reliability (sponsored by NSF and DHS). Many software systems
have evolved to include a web-based component that makes them
available to the public via the Internet. Most people use these web
applications on a daily basis, when paying e-bills, shopping on-line,
or simply reading the news. Faults in the implementation of these
applications can cause failures whose effects range from annoyances to
the user to loss of critical data. Furthermore, such faults can make
web applications vulnerable to a variety of attacks that can result in
leaking of confidential and even sensitive information. My research in
the area of web application security and reliability focuses on the
use of static and dynamic analysis techniques to identify faults in
web applications and protect them from attacks.
|
|