Research Information
Research Interests
My general research interests span software engineering and computer security, with a focus on making software and computer systems more Reliable, Intelligent, Secure, and Efficient (RISE).
We developed effective and scalable techniques that extract mobile app behaviors from different perspectives by analyzing multiple types of artifacts, including app code, app descriptions, API documents, app meta-data, and graphical user interfaces (GUI). We developed security data analytics techniques that automatically identify the causes and impacts of attacks, and query systems that enable attack investigation using system audit data. We developed static program analysis techniques and dynamic symbolic execution techniques to improve software testing (ICSE'11, ASE'13, ICSE'16 Edu, DSN'18) and bug detection (ISSTA'13, ISSTA'14). We also developed text analysis techniques to improve access control policy extraction (FSE'12, ACSAC'14) and precondition extraction from API documents (ICSE'12).
Publications
Xusheng Xiao, Xiaoyin Wang, Zhihao Cao, Hanlin Wang, and Peng Gao. IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android Apps. In Proceedings of the 41st ACM/IEEE International Conference on Software Engineering (ICSE 2019), Montreal, Canada, May 2019. [PDF] (Acceptance Rate: 20.6%, 109 out of 529).
Yun Ma, Yangyang Huang, Ziniu Hu, Xusheng Xiao, and Xuanzhe Liu. Paladin: Automated Generation of Reproducible Test Cases for Android Apps. In Proceedings of the 20th Workshop on Mobile Computing Systems and Applications (HotMobile 2019), Santa Cruz, CA, USA, Feb 2019.
Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, and Prateek Mittal. SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection. In Proceedings of the USENIX Security Symposium (USENIX Security 2018), Boston, MA, USA, July 2018.
Peng Gao, Xusheng Xiao, Zhichun Li, Kangkook Jee, Fengyuan Xu, Sanjeev R. Kulkarni, and Prateek Mittal. AIQL: Enabling Efficient Attack Investigation from System Monitoring Data. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC 2018), Boston, MA, USA, July 2018.
Patrick Morrison, Rahul Pandita, Xusheng Xiao, Ram Chillarege, Laurie Williams. Are Vulnerabilities Discovered and Resolved Like Other Defects? In Proceedings of the 37th International Conference on Software Engineering (ICSE 2018), Journal First Paper, Gothenburg, Sweden, May 2018.
Angello Astorga, Siwakorn Srisakaokul, Xusheng Xiao, and Tao Xie. PreInfer: Automatic Inference of Preconditions via Symbolic Analysis. In Proceedings of the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018), Luxembourg, June 2018.
Patrick Morrison, Rahul Pandita, Xusheng Xiao, Ram Chillarege, Laurie Williams. Are Vulnerabilities Discovered and Resolved Like Other Defects? Empirical Software Engineering (EMSE), pages 1-39, 2017.
Yujie Yuan, Lihua Xu, Xusheng Xiao, Andy Podgurski, Huibiao Zhu. RunDroid: Recovering Execution Call Graph for Android Applications. In Proceedings of the 11th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2017), Demonstrations Track, pages 949-953, Paderborn, Germany, September 2017.
Zheng Dong, Yuchuan Liu, Husheng Zhou, Xusheng Xiao, Yu Gu, Lingming Zhang and Cong Liu. An Energy-efficient Offloading Framework with Predictable Temporal Correctness. In ACM/IEEE Symposium on Edge Computing (SEC), San Jose, CA, October, 2017.
Dengfeng Li, Wing Lam, Wei Yang, Zhengkai Wu, Xusheng Xiao, Tao Xie. Towards Privacy-Preserving Mobile Apps: A Balancing Act. In Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS 2017), Hanover, Maryland, April 2017.
Zhang Xu, Zhenyu Wu, Zhichun Li, Kangkook Jee, Junghwan Rhee, Xusheng Xiao, Fengyuan Xu, Haining Wang, and Guofei Jiang. High Fidelity Data Reduction for Big Data Security Dependency Analyses. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS 2016), Vienna, Austria, October 2016.
Bo Zong, Xusheng Xiao, Zhichun Li, Zhenyu Wu, Zhiyun Qian, Xifeng Yan, Ambuj K. Singh, and Guofei Jiang. Behavior Query Discovery in System-Generated Temporal Graphs. In Proceedings of 42nd International Conference on Very Large Data Bases (VLDB 2016), pages 240-251, New Delhi, India, September 2016.
Sihan Li, Xusheng Xiao, Blake Bassett, Tao Xie, and Nikolai Tillmann. Measuring Code Behavioral Similarity for Programming and Software Engineering Education. In International Conference on Software Engineering (ICSE 2016), Education Track, May 2016.
Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang. SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 2015), pages 977-992, Washington, D.C., August 2015. [PDF] (Acceptance Rate: 15.7%, 67 out of 426).
- Top 10 finalists for CSAW Best Paper Award
Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck. AppContext: Differentiating Malicious and Benign Mobile App Behaviors Under Context. In Proceedings of the 37th International Conference on Software Engineering (ICSE 2015), pages 303-313, Florence, Italy, May 2015. [PDF] (Acceptance Rate: 18.5%, 84 out of 452).
John Slankas, Xusheng Xiao, Laurie Williams, and Tao Xie. Relation Extraction for Inferring Access Control Rules from Natural Language Artifacts. In Proceedings of the 2014 Annual Computer Security Applications Conference (ACSAC 2014), pages 366-375, New Orleans, Louisiana, USA, December 2014.
Xusheng Xiao, Gogul Balakrishnan, Franjo Ivancic, Naoto Maeda, Aarti Gupta and Deepak Chhetri. ARC++: Effective Typestate and Lifetime Dependency Analysis. In Proceedings of the 2014 International Symposium on Software Testing and Analysis (ISSTA 2014), pages 116-126, Bay Area, California, July 2014. [PDF] (Acceptance Rate: 28.1%, 36 out of 128).
Xusheng Xiao, Shi Han, Tao Xie, and Dongmei Zhang. Context-Sensitive Delta Inference for Identifying Workload-Dependent Performance Bottlenecks. In Proceedings of the 2013 International Symposium on Software Testing and Analysis (ISSTA 2013), pages 90-100, Lugano, Switzerland, July 2013. [PDF] (Acceptance Rate: 32 / 124 = 25.8%)
Xusheng Xiao, Sihan Li, Tao Xie, and Nikolai Tillmann. Characteristic Studies of Loop Problems for Structural Test Generation via Symbolic Execution. In Proceedings of the 28th IEEE/ACM International Conference on Automated Software Engineering (ASE 2013), pages 246-256, Palo Alto, California, November 2013. [PDF] (Acceptance Rate: 43 / 254 = 17.0%).
Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. WHYPER: Towards Automating Risk Assessment of Mobile Applications. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security 2013), pages 527-542, Washington DC, August 2013. [PDF] (Acceptance Rate: 45 / 277 = 16.2%)
Xusheng Xiao, Amit Paradkar, Suresh Thummalapenta and Tao Xie. Automated Extraction of Security Policies from Natural-Language Software Documents. In Proceedings of the 20th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2012), pages 12:1-12:11, Research Triangle Park, North Carolina, USA, November 2012. [PDF][Slides] (Acceptance Rate: 35 / 201 = 17.4%)
Xusheng Xiao, Nikolai Tillmann, Manuel Fahndrich, Jonathan de Halleux, Michal Moskal. User-Aware Privacy Control via Extended Static-Information-Flow Analysis. In Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering 2012 (ASE 2012), pages 80-89, Essen, Germany, September 2012. [PDF] (Acceptance Rate: 21 / 138 = 15.2%)
- The static analysis engine based on this paper is integrated into TouchDevelop, Microsoft Research.
- This paper was invited for journal submission
- A US patent was granted for the work of this paper
Rahul Pandita, Xusheng Xiao, Hao Zhong, Tao Xie, Stephen Oney, and Amit Paradkar. Inferring Method Specifications from Natural Language API Descriptions. In Proceedings of the 34th International Conference on Software Engineering (ICSE 2012), pages 815-825, Zurich, Switzerland, June 2012. [PDF] (Acceptance Rate: 87 / 408 = 21.3%)
Xusheng Xiao, Tao Xie, Nikolai Tillmann, and Jonathan de Halleux. Precise Identification of Problems for Structural Test Generation. In Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011), pages 611-620, Honolulu, Hawaii, USA, May 2011. [PDF] (Acceptance Rate: 62 / 442 = 14%)