Publications
-
Privacy Analysis of Android Apps: Implicit Flows and Quantitative Analysis
In Proc. 14th International Conference on Computer Information Systems and Industrial Management, CISIM 2015, Warsaw, Poland, September 24-26, 2015. Lecture Notes in Computer Science 9339, Springer 2015, pp. 3-23. ISBN 978-3-319-24368-9
A static analysis is presented, based on the theory of abstract interpretation, for verifying privacy policy compliance by mobile applications. This includes instances where, for example, the application releases the user’s location or device ID without authorization. It properly extends previous work on datacentric semantics for verification of privacy policy compliance by mobile applications by (i) tracking implicit information flow, and (ii) performing a quantitative analysis of information leakage. This yields a novel combination of qualitative and quantitative analyses of information flows in mobile applications.
-
Enabling Bring-Your-Own-Device Using Mobile Application Instrumentation.
IBM Journal of Research and Development: Volume 57, Issue 6 (2013), Page 7:1 - 7:11.
Many enterprises are investigating Bring-Your-Own-Device (BYOD) policies, which allow employees to use their personal devices in the workplace. This has led to mixed-use scenarios, where consumer and enterprise software are installed on the same device. In this paper, we describe the Secured Application Framework for Enterprise (SAFE), a comprehensive system for enabling BYOD that allows enterprise and consumer applications to coexist side-by-side on the device. Rather than partition the device by profiles, SAFE embeds enterprise functions in each enterprise application; this allows for a seamless user experience and minimal intrusiveness on the part of the enterprise. We describe the SAFE toolset that implements the embedding of the SAFE instrumentation layer, and then provide an overview of several enterprise features that can be configured using SAFE. Specifically, we describe modeling for analytics, testing and replay, anomaly detection, and cloud data services, all enterprise features that can transparently be added to mobile applications.
-
Modular String-Sensitive Permission Analysis with Demand-Driven Precision
International Conference on Software Engineering (ICSE)
-
The Case for Analysis Preserving Language Transformation
International Symposium on Software Testing and Analysis (ISSTA)
Patents
-
Automatic optimization of string allocations in a computer program
Issued US 8,473,899
Access is obtained to an input object-oriented computer program. In the input object-oriented computer program, semantically equivalent objects are identified, which exist in different memory locations. If at least one of: a number of occurrences for the semantically equivalent objects exceeds a first threshold value, the threshold value being at least two; and a number of equality tests on the semantically equivalent objects exceeds a second threshold value, then a further step includes identifying an application program interface to reduce the semantically equivalent objects to a single object in a single memory location.
-
Incremental static analysis
Filed US 12/873,219
A system, method and computer program product for incremental static analysis, including a change impact analyzer for identifying a changed portion of a computer software (e.g., an application), where the changed portion was changed subsequent to performing a static analysis on the application, a static analysis result invalidator for invalidating any static analysis result that is dependent on the changed portion, and an incremental static analyzer for performing a first incremental static analysis on at least the changed portion, presenting the results of the first incremental static analysis, receiving a request to provide additional information regarding a selected result of the first incremental static analysis, performing, responsive to receiving the request, a second incremental static analysis on any portion of the application to gather the additional information, and presenting results of the second incremental static analysis, thereby providing the additional information regarding the selected result of the first incremental static analysis.