Email: munawar @t auburn _d0t edu
Phone: 1-(334)-844-6348, Fax: 1-(334)-844-6329
|[SATS Research Group] [Publications] [Teaching] [CV/Resume] [The lighter side]|
I am a tenure track assistant professor at the Department of Computer Science and Software Engineering at Auburn University.
I lead the Software Analysis, Transformation, and Security (SATS) research group. Our focus is to understand software security problems through empirical studies and mitigate problems using program analysis and
program transformations techniques
I got my Ph.D. from University of Illinois at Urbana-Champaign in 2010. My PhD advisor was Ralph Johnson.
My Ph.D. dissertation describes how one can think about applying security solutions in terms of automated, general purpose program transformations; I call them security-oriented program transformations.
My research is supported by grants from National Science Foundation (NSF), a gift from Google Faculty Research Award, and Auburn University Startup Fund.
Two of my projects:
OpenRefactory/C: A framework for building program transformations for C programs.
Security Pattern Catalog: The most comprehensive work on cataloging and organizing security patterns.
11/14 - Our C Refactoring with Preprocessor paper gets shortlisted for the best paper award at FSE 2014.
09/14 - Ming Fang wins Best Paper Award at ESEM 2014.
06/14 - Two Papers accepted at FSE 2014.
03/14 - 04/14 - Paper accepted at ESEM 2014, DSN 2014, COMPSAC 2014, and ASE Journal.
01/14 - Talk at Google.
08/13 - Google Faculty Research Award - Summer 2013.
07/13 - Paper at ECOOP 2013.
Link to Testing Refactoring Project.
06/13 - Zack Coker from my Group wins
the ACM SRC Grand Finals 2013 in undergrad category. Earlier, he won the ACM SRC at SPLASH 2012.
05/13 - Paper at ICSE 2013.
Link to Integer Problems Project.
|SATS (Software Analysis,
Transformation, and Security) Research Group
Security Problems of
Analysis, Program Transformation, Security Pattern, Software
Empirical Studies to Understand Security Problems, Privacy Pattern, Web
3. Applying Machine Learning to Create Patches from Free Form Bug Reports (Collaboration with Lin Tan, Univ of Waterloo)
7. The Science of Security Engineering
9. Privay in Social Media
1. Dr. Jeffrey Overbey, Research Assistant Professor, Auburn University
2. Farnaz Behrang, Grad
3. Dusten Doggett, Grad
4. Ming Fang, Grad
5. Sharath Chowdary Gude, Grad
6. Samir Hasan, Grad
7. Adam Payne, Grad
8. Reed Allman, Undergrad
9. Mathew Bianchi, Undergrad
10. Jillian Hall, Undergrad
11. Robert Horn, Undergrad
12. Andrew Lewis, Undergrad
13. Alex Shaw, Undergrad
14. Austin Sorellis, Undergrad
15. Victoria Fang, K-12 Summer Intern 2013
1. Joel Eichelkraut, Graduated. Currently at: Harris Corporation.
2. Zack Coker, Graduated, Currently at: Carnegie-Mellon University (Ph.D. Student)
I am looking for motivated graduate (mainly Ph.D.) and undergraduate students to join my group.
If interested, email your CV and research interest.
1. J. Overbey, F. Behrang and M. Hafiz. A Foundation for Refactoring C with Macros. In Proceedings of the 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering, FSE 2014, Hong Kong, Nov 2014. [Acceptance Rate: 61/273 (22%)]
2. A. Bosu, J. Carver, M. Hafiz, P. Hilley and D. Janni. Identifying the Characteristics of Vulnerable Code Changes: An Empirical Study. In Proceedings of the 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering, FSE 2014, Hong Kong, Nov 2014. [Acceptance Rate: 61/273 (22%)]
3. M. Fang and M. Hafiz. Discovering Buffer Overflow Vulnerabilities In The Wild: An Empirical Study. In Proceedings of the ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2014, Torino, Italy, September 2014. [Best Paper Award]
[Acceptance Rate: 23/123 (18.7%)]
5. A. Shaw, D. Doggett and M. Hafiz. Program Transformations to fix C Buffer Overflows. In Proceedings of the 44th Annual IEEE/IFIP Conference on Dependable Systems and Networks, DSN 2013, Atlanta, GA, June 2014. [Acceptance Rate: 56/242 (23.1%)]
6. J. Overbey, R. Johnson and M. Hafiz. Differential Precondition Checking: A Language-Independent, Reusable Analysis for Refactoring Engines. To be published in Automated Software Engineering, 2014.
7. M. Gligoric, F. Behrang, J. Overbey, M. Hafiz and D. Marinov. Systematic Testing of Refactoring Engines on Real Software Projects. In Proceedings of the European Conference on Object-Oriented Programming, ECOOP 2013, Montpellier, France, July 2013. [Acceptance Rate: 29/116 (25%)]
8. Z. Coker and M. Hafiz. Program Transformations to Fix C Integers. In Proceedings of the 35th International Conference of Software Engineering (ICSE 2013), San Francisco, CA, May 2013. [Acceptance Rate: 85/461 (18.5%)]
9. C. Liu, J. Yang, L. Tan and M. Hafiz. R2Fix: Automatically Generating Bug Fixes from Bug Reports. In Proceedings of the International Conference on Software Testing, Verification, and Validation, ICST 2013, Luxembourg, March 2013. [Acceptance Rate: 38/152 (25%)]
10. M. Hafiz, P. Adamczyk, and R. Johnson. Growing a Pattern Language (for Security). In OOPSLA12:
Proceedings of the ACM International Conference on Object-oriented
Programming Systems Languages and Applications. Tucson, AZ. Oct, 2012. [Acceptance Rate: 11/43 (26%)]
11. M. Hafiz. A Pattern Language for Developing Privacy Enhancing Technologies. Software---Practice and Experience, 43(7):769-787, Jul 2013.
12. M. Hafiz, P. Adamczyk and R. Johnson. Systematically Eradicating Data Injection Attacks using Security-oriented Program Transformations. In ESSoS09: Symposium on Engineering Secure Software and Systems. Leuven, Belgium. Feb, 2009. [Acceptance Rate: 9/52 (17%)]
13. M. Hafiz and R. Johnson. Evolution of the MTA Architecture: An Impact of Security. Software---Practice and Experience, 38(15):1569-1599, Dec 2008.
14. M. Hafiz, P. Adamczyk and R. Johnson. Organizing Security Patterns. IEEE Software. 24(4) pp 52-60. Jul/Aug 2007.
15. R. Afandi, J. Zhang, M. Hafiz and C. Gunter. AMPol: Adaptive Messaging Policy. In ECOWS06: European Conference on Web Services, pp. 53-64. Dec 2006. [Acceptance Rate: 24/115 (20%)]
* COMP 3700: Software Modeling and Design, Fall 2012.
* COMP 3700: Software Modeling and Design, Fall 2011.
I have taught half-day tutorials 3 times at OOPSLA (2006, 2007, 2008) to an industry audience.
Link to my CV.
to my one page Resume. (Not current)
PC Member, COMPSAC 2012, SESS 2010-2012, ACM SE 2012
Member, Poster and SRC Committee, OOPSLA/SPLASH, 2011-2012
Editorial Review Board, International Journal on Secure Software Engineering (IJSSE), 2009-2011.
IEEE Software, Software: Practice and Experience, Journal of Systems
and Software, IEEE Transactions on Services Computing,
Computer and Security, LNCS Transactions on Pattern Languages of Programming (TPLoP), Communications of The ACM
My photography has been featured in The Mindful Eye, one of the premiere sites on photography. Here is a link to the photograph that was featured in a webcast. You can download the video from here (13MB, mov format).
I used to have a conventional blog, where I wrote about the non-serious aspects of my life. I don't maintain that anymore. It is instead a honeypot for all things spam... I am "seriously" considering to start a "serious" blog about my experiences in software engineering, security, or perhaps computer science in general; someday, I will start that.
I am married to Farhana Ashraf. She got her Ph.D. from UIUC in 2013. She will be joining Google in 2014.
Last modified: May 24, 2014
Conceived and Maintained by: Munawar Hafiz