Mondays 14:30-16:30, Taub (room TBD)

Instructor: Eran Yahav

In this seminar you will get a taste of current cyber-security threats and of the program analysis techniques for battling them, for example automatic techniques for showing that a website is not exposed to certain security vulnerabilities.

We will cover a wide range of approaches, including dynamic program analyses and static program analyses.


Talks (under construction)

| Date | Topic | References | Presenter | Slides |
|---|---|---|---|---|
| 3/3 | Exploitation | Exploiting Social Navigation | Nimrod Partush | |
| 3/3 | Exploitation | Tracelet-Based Code Search in Executables | Yaniv David | |
| 10/3 | Exploitation | Floating Car Data from Smartphones: What Google and Waze Know About You and How Hackers Can Control Traffic | Kfir Lev-Ari | |
| 10/3 | Exploitation | You are how you click: Clickstream analysis for sybil detection | Omer Katz | |
| 17/3 | Memory Safety - Symbolic | EXE: Automatically Generating Inputs of Death; KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs | | |
| 17/3 | Symbolic | Low-Effort Equivalence Verification of Real Code | | |
| 24/3 | Symbolic | Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations | | |
| 24/3 | Symbolic | FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution | | |
| 31/3 | Static | Who Wrote This Code? Identifying the Authors of Program Binaries | | |
| 31/3 | Static | Towards Automatic Software Lineage Inference | | |
| 7/4 | Memory Safety - Dynamic | DieHard: Probabilistic Memory Safety for Unsafe Languages | | |
| 7/4 | Memory Safety - Dynamic | Exterminator: Automatically Correcting Memory Errors with High Probability | | |
| 14/4 | no seminar (Passover) | | | |
| 21/4 | no seminar (Passover) | | | |
| 28/4 | Static | Revolver: An Automated Approach to the Detection of Evasive Web-based Malware | | |
| 28/4 | Dynamic | Rozzle: De-Cloaking Internet Malware | | |
| 5/5 | no seminar (Yom Ha'zikaron) | | | |
| 12/5 | | Practical Control Flow Integrity & Randomization for Binary Executables | | |
| 12/5 | Dynamic | Differential Slicing: Identifying Causal Execution Differences for Security Applications | | |
| 19/5 | Static | Detecting code clones in binary executables | | |
| 19/5 | Static | Data-Driven Equivalence Checking | | |
| 26/5 | Static | AEG: Automatic Exploit Generation | | |
| 26/5 | Misc | Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications | | |
| | Web Apps - Static | The Essence of Command Injection Attacks in Web Applications | | |
| | Static | S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems | | |
| | Static | MOPS: an Infrastructure for Examining Security Properties of Software | | |
| | Static | DIVINE: DIscovering Variables IN Executables | | |
| | Static | Loop-extended Symbolic Execution: Buffer Overflow Diagnosis and Discovery | | |
| | Static | Execution Synthesis: A Technique for Automated Software Debugging | | |
| | Static | Automatic Discovery of Deviations in Binary Implementations | | |
| | Dynamic | Dynamic test generation to find integer bugs in x86 binary Linux programs | | |
| | Scripting Languages - Static | Static Detection of Security Vulnerabilities in Scripting Languages | | |
| | Web - Static | VEX: Vetting Browser Extensions For Security Vulnerabilities | | |
| | Memory Safety - Static | CCured: Type-Safe Retrofitting of Legacy Code | | |
| | Static | Scalable and Systematic Detection of Buggy Inconsistencies in Source Code | | |
| | Dynamic | Bug Isolation via Remote Program Sampling | | |
| | Dynamic | SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures | | |


  • Each student will present a research paper in the seminar.
  • You should plan your presentation for 50-70 minutes.
  • Your presentation must include your own analysis of the paper - what are the good parts, what are the bad parts, what would you do differently, how could you extend the results? (see for example "How to read a research paper?")
  • The goal of the seminar is to study program analysis for security, not to learn PowerPoint. Students are encouraged to use or adapt the original slides used by the paper's authors to present it. Grading is based on the ability to understand and present the research results in detail.
  • Final grade will be determined by 85% quality of the presentation and 15% attendance.


  • enrollment only with explicit permission. Send email to