cv

PhD

Paderborn University, Paderborn, Germany

• Research interests - evaluating fuzzing, combining static analysis and fuzzing

Master of Science in Computer Science

Paderborn University, Paderborn, Germany

• Evaluation of Call Graph construction for PYTHON (Master Thesis)
  • As one of the most popular programming languages, PYTHON has become a relevant target language for static analysis tools. The primary data structure for performing an inter-procedural static analysis is call-graph (CG), which links call sites to potential call targets in a program. There exists multiple algorithms for constructing callgraphs, tailored to specific languages. However, comparatively few implementations target PYTHON. Moreover, there is still lack of empirical evidence as to how these few algorithms perform in terms of precision and recall. This paper thus presents EVAL_CG, an extensible framework for comparative analysis of Python call-graphs. We conducted two experiments which run the CG algorithms on different Python programming constructs and real-world applications. In both experiments, we evaluate three CG generation frameworks namely, Code2flow, Pyan, and Wala. We record precision, recall, and running time, and identify sources of unsoundness of each framework. Our evaluation shows that none of the current CG construction frameworks produce a sound CG. Moreover, the static CGs contain many spurious edges. Code2flow is also comparatively slow. Hence, further research is needed to support CG generation for Python programs.
• Integration of the Static Analysis Results Interchange Format in CogniCrypt (Seminar Thesis)
  • Software companies increasingly rely on static analysis tools to detect potential bugs and security vulnerabilities in their software products. In the past decade, more and more commercial and open-source static analysis tools have been developed and are maintained. Each tool comes with its own reporting format, preventing an easy integration of multiple analysis tools in a single interface, such as the Static Analysis Server Protocol (SASP). In 2017, a collaborative effort in industry, including Microsoft and GrammaTech, has proposed the Static Analysis Results Interchange Format (SARIF) to address this issue. SARIF is a standardized format in which static analysis warnings can be encoded, to allow the import and export of analysis reports between different tools. This paper explains the SARIF format through examples and presents a proof of concept of the connector that allows the static analysis tool CogniCrypt to generate and export its results in SARIF format.

Bachelor of Technology in Information Technology

Sri Sivasubramaniya Nadar College of Engineering, Anna University, Chennai (India)

Research Associate

Fraunhofer IEM, Paderborn

Student Assistant (Studentische Hilfskraft)

Fraunhofer IEM, Paderborn

Software Engineer

GAIN Credit, Chennai

• Gained experience in Python, Django, MySQL, and Docker by working as a full-stack developer in an agile working environment

• Best Outgoing Student of Sri Sivasubramaniya Nadar College of Engineering