Mondays 14:30-16:30, Taub 4

Instructor: Eran Yahav

In this seminar you will get a taste of current cyber-security threats and program analysis techniques for battling them. For example, we will look at automatic techniques for showing that a web site is not exposed to certain security vulnerabilities.

We will cover a wide range of approaches, including dynamic program analyses, static program analyses, and language-based security.


Tentative Schedule


We are fortunate to have a guest lecture by Adi Sharabani, who is going to speak about cyber-security threats and how they are used in the wild.

Adi Sharabani is in charge of the IBM Rational security strategy and architecture. As part of his role, Adi is responsible for leading, designing, and deploying overall security processes within the IBM Rational development groups. Adi was formerly the head of IBM Rational Application Security Research, responsible for research activities on web application security as well as the security logic of the AppScan product suite. In addition to his roles at IBM, Adi is also a high school teacher, where he invests much time in teaching and educating the future generation. You can read more about Adi and his team at




| Date | Topic | References | Presenter | Slides |
|---|---|---|---|---|
| 7/3 | Misc | Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications | Nimrod | [pptx] |
| 7/3 | Scripting Languages - Static | Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code | Michael | [ppt] |
| 14/3 | Dynamic | Dynamic test generation to find integer bugs in x86 binary Linux programs | Karine | [pdf] |
| 14/3 | Static | Staged Information Flow for JavaScript | Haggai | [pdf] |
| 21/3 | Memory Safety - Static | CCured: Type-Safe Retrofitting of Legacy Code | Anastasia | [pptx] |
| 21/3 | Memory Safety - Dynamic | EXE: Automatically Generating Inputs of Death; KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs | Yoni | [pptx] |
| 28/3 | Web - Static | XFI: Software Guards for System Address Spaces | Muli | [pdf] |
| 28/3 | Memory Safety - Static | CSSV: towards a realistic tool for statically detecting all buffer overflows in C | Ittay | [pptx] |
| 4/4 | Web Apps - Static | The Essence of Command Injection Attacks in Web Applications | Alon | [ppt] |
| 4/4 | Static | TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection | Maya | [pptx] |
| 11/4 | Web Apps - Static | Sound and Precise Analysis of Web Applications for Injection Vulnerabilities | Ron K. | [ppt] |
| 11/4 | Web - Static | VEX: Vetting Browser Extensions For Security Vulnerabilities | Doron | [pptx] |
| 18/4 | no seminar | | | |
| 25/4 | no seminar | | | |
| 2/5 | Web - Static | Using Static Analysis for Ajax Intrusion Detection | Elina | [pptx] |
| 2/5 | Scripting Languages - Static | A Symbolic Execution Framework for JavaScript | Itamar | |
| 9/5 | no seminar | | | |
| 16/5 | Memory Safety - Dynamic | DieHard: Probabilistic Memory Safety for Unsafe Languages | David R. | [pptx] |
| 16/5 | Web - Hybrid | NOZZLE: A Defense Against Heap-spraying Code Injection Attacks | Ron G. | |
| 23/5 | Dynamic | All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution | Amit P. | |
| 23/5 | Information Flow - Static | Merlin: Specification Inference for Explicit Information Flow Problems | Daria | |
| 30/5 | Web Apps - Language | Secure Web Applications via Automatic Partitioning (SWIFT) | More | |
| 30/5 | Static | MOPS: an Infrastructure for Examining Security Properties of Software | Nir | |
| 6/6 | no seminar | | | |
| 13/6 | Dynamic | Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware | Yeonatan | |
| 13/6 | Static | DIVINE: DIscovering Variables IN Executables | Cynthia | |
| 20/6 | Static | Analysis-Resistant Malware | Yaniv | |
| 20/6 | Misc | Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors | Ilya | |
| to be scheduled | Scripting Languages - Static | Static Detection of Security Vulnerabilities in Scripting Languages | Dan G. | |


  • Each student will present a research paper in the seminar.
  • You should plan your presentation for 50-70 minutes.
  • Your presentation must include your own analysis of the paper - what are the good parts, what are the bad parts, what would you do differently, how could you extend the results? (see for example "How to read a research paper?")
  • The goal of the seminar is to study program analysis for security, not to learn PowerPoint. Students are encouraged to use/adapt the original slides used to present the paper by its authors. Grading is based on the ability to understand and present the research results in detail.
  • Final grade will be determined by 85% quality of the presentation and 15% attendance.


  • Enrollment only with explicit permission. Send email to