Research

My research centers on advancing AI and Software Supply Chain Security. I integrate program analysis, large language models (LLMs), and cybersecurity techniques to evaluate and enhance application safety and security across emerging domains, including Android, IoT, AI/LLM ecosystems, and software supply chains.

Research Areas

IoT Safety and Privacy

Developing automated techniques to detect security vulnerabilities in IoT systems, focusing on inter-app communication and interaction threats.

• Selected Papers: USENIX’22, IEEE TSE’22, ISSTA’20 🏆

Software Debloating

Removing unnecessary code from C/C++ applications and containers to reduce attack surface and improve performance.

• Selected Papers: SOCC’25, SIGMETRICS’24, FEAST’24, EuroS&P’22
• Tools: FitStack (commercialized), LMCAS, SLASH (ONR Tech Transfer)

AI/ML/LLM

Investigating adversarial attacks and defenses for ML systems, analyzing attack surfaces in bloated ML dependencies. I also explored capabilities of LLM to perform program repair and assessing software dependencies, for this purpose I used AI agents for dependency analysis using RAG over knowledge graphs.

• AI/ML robustness and bloat: NeurIPS’22, SIGMETRICS’24

• Agentic LLM for Software Dependency Management and Program Repair
  DSN’25🏆, EMSE’25, NeurIPS’24 OWA

Android Security

Analyzing security vulnerabilities in Android applications, particularly inter-app communication and dynamically loaded code.

• Selected Papers: IEEE TIFS’20, INFOCOM’19

Patents & Awards

Patents:

• Computer Implemented Program Specialization (US 20220357933A1, 2024)
• Improved Security in Trigger Action Platforms (US 11856000B2, 2024)

Awards:

• DSN Distinguished Artifact Award (2025)
• ACM SIGSOFT Distinguished Paper Award (2020)
• (ISC)² Graduate Scholarship

For complete publication list, see Publications.