CS&E Profile: Stephen McCamant

Program analysis for software security and correctness

Some of my specific areas of technical interest include:

• Hybrids of dynamic and static analysis, including symbolic execution
• Information flow and taint analysis
• Instruction-level hardening and isolation
• Applications of decision procedures and proof-assistant tools

Ph.D. 2008, Computer Science, Massachusetts Institute of Technology

M.S. 2004, Electrical Engineering and Computer Science, Massachusetts Institute of Technology

B.A. 2002, Computer Science, University of California, Berkeley

About

Assistant Professor McCamant joined the faculty in the fall of 2012, after a postdoc at UC Berkeley. He is the author of more than 20 publications related to program analysis and security, several of which have won best paper awards. His research on software-based fault isolation (SFI) for x86 architectures was a key predecessor of Google's Native Client system.

My primary research interest is in tools that analyze programs in order to make systems more secure. Security analysis must face the complexities of large pre-existing systems as they really are, forcing analysis systems to be realistic; for instance, many security applications require analyzing software at the binary (machine code) level without access to source code. The first security application of program analysis that comes to mind is finding security-relevant bugs, but there are many others, including helping with the analysis of malicious software (malware), and automatically hardening software against unknown bugs and attacks. Sometimes, the best way for me to evaluate the correctness of a technique or tool is with a formal proof, but the most useful evaluation of a software tool comes from running it on realistic case studies. My preference for realistic evaluations informs both the problems I work on and the approaches I take to solve them.