Research Overview

My group studies how AI assisted software systems can be made secure, reliable, measurable, and deployable. We combine program analysis, empirical software engineering, software security, mobile ecosystem analysis, and LLM based automation to build practical methods, benchmarks, and tools for trustworthy software systems.

For the full list of publications, please see here.

Theme 1: Secure, Reliable, and Measurable AI Assisted Software Systems

This research theme investigates how AI assisted software systems can be made secure, reliable, measurable, and deployable. The core focus remains computer science, particularly software engineering, program analysis, software security, empirical software engineering, and AI assisted software development. As large language models and agentic AI systems are increasingly used to generate, test, repair, debug, and operate software, software engineering needs new methods for semantic reasoning, reliability assessment, security analysis, benchmark design, workflow validation, and cost aware deployment. This work treats AI assistance as part of real software ecosystems rather than isolated text generation.

Theme 1: Secure, Reliable, and Measurable AI Assisted Software Systems

Program Reasoning and Semantic Analysis

Developing techniques for understanding and validating software behavior at the semantic level. This direction combines program analysis, static analysis, dynamic analysis, taint analysis, configuration analysis, and LLM assisted reasoning to detect defects, security risks, compatibility issues, and behavioral inconsistencies in software systems.

    Core capability:
  • Program analysis reasoning
  • Cross representation and cross layer semantic reasoning
  • Semantic validation of AI generated code and patches
  • Representative papers and assets:
  • Artemis: LLM Assisted inter procedural path sensitive taint analysis (OOPSLA 2025, CCS 2023) Top
  • LLM CompDroid: Repairing configuration compatibility bugs (TOSEM 2025)
  • KEENHash: Large scale binary code similarity analysis (ISSTA 2025) Top
  • Valuable asset to add:
  • Semantic validation of AI generated software artifacts in computational workflows, such as notebooks, scripts, and data processing pipelines.

AI Assisted Software Generation, Testing, Debugging, and Repair

Studying how AI systems support core software engineering activities, including code generation, test generation, automated debugging, program repair, and low code software development. This direction asks when AI assistance improves software quality, when it introduces hidden defects, and how generated artifacts can be systematically evaluated and improved.

    Core capability:
  • Quality assessment of AI generated code
  • Reliable test generation and validation
  • Automated debugging and program repair
  • Provenance and attribution of AI generated code
  • Representative papers and assets:
  • Test augmentation (OOPSLA 2026) Top
  • Coverage goal selection (TSE 2024)
  • Low Code Programming using traditional versus LLM support (JSS 2025)
  • ChatGPT versus search based software testing (TSE 2024)
  • Unearthing Gas Wasting Code Smells in Smart Contracts (TSE 2024)
  • Assessing the Quality of Code Generation by ChatGPT (TSE 2024)
  • Valuable asset to add:
  • A unified AI assisted software construction pipeline that links generation, testing, static analysis, security review, repair validation, and human oversight.

Benchmarking and Measurement of AI Assisted Software Systems

Developing benchmarks and metrics for evaluating AI assisted software systems. The focus is not only whether an AI system produces a correct answer, but whether the generated software artifact is reliable, secure, reproducible, maintainable, cost efficient, and suitable for deployment.

    Core capability:
  • Benchmark design and evaluation metrics
  • Software correctness, security exposure, reproducibility, and traceability
  • Cost aware inference and carbon footprint measurement
  • Representative papers and assets:
  • SecBenchLLM, ongoing benchmark project
  • LLM EcoBench Lite, ongoing benchmark project
  • Cost aware inference studies and carbon footprint evaluation
  • Valuable asset to add:
  • A benchmark framework that reports test pass rate, incorrect patch risk, newly introduced vulnerabilities, inference cost, review effort, and carbon footprint in the same evaluation table.

Security of AI Assisted and Agentic Software Ecosystems

Studying the security risks introduced when AI systems interact with software tools, repositories, package managers, files, command line environments, APIs, and external services. This direction treats tool using AI systems as part of real software ecosystems and focuses on sandboxing, runtime monitoring, permission control, auditability, supply chain security, and runtime evidence reconstruction.

    Core capability:
  • Tool using coding agents and software automation agents
  • Sandboxing, permission control, runtime monitoring, and audit logging
  • Runtime evidence reconstruction for software supply chain attacks
  • Prompt injection defense, malicious dependency detection, and data leakage prevention
  • Representative papers and assets:
  • MCP SandboxScan: WASM based secure execution and runtime analysis for MCP tools (CoRR 2026)
  • FuseChain: Runtime evidence reconstruction for software supply chain attacks (CoRR 2026)
  • Android app bundle analysis (TSE 2025)
  • Third party library and dependency analysis (ASE 2019, TSE 2021)
  • Repackaged Apps Detection (SANER 2019)
  • App Debloat (TSE 2022)
  • Valuable asset to add:
  • A security benchmark for tool using coding agents, covering unsafe execution, prompt injection, dependency attacks, unintended data exposure, and runtime evidence reconstruction.

Reliability of Computational and Developer Workflows

Studying the reliability of software workflows that involve scripts, notebooks, automation tools, data pipelines, and AI agents. This direction focuses on concrete computational and developer workflows, including whether they contain exception handling, output validation, logging, permission boundaries, and failure recovery mechanisms.

    Core capability:
  • Reliability analysis of notebooks, scripts, automation pipelines, and developer workflows
  • Output validation, logging, exception handling, and failure recovery
  • Permission boundaries and safety checks in AI assisted workflows
  • Representative papers and assets:
  • Bug characterization in Jupyter systems (EASE 2025)
  • Public workflow reliability study, ongoing empirical project
  • Valuable asset to add:
  • A workflow reliability benchmark for AI generated or AI assisted computational workflows, such as notebooks, scripts, and automation pipelines.

Sustainable and Cost Aware Deployment of AI Assisted Software Systems

Studying the deployment cost, energy use, and carbon footprint of AI assisted software engineering systems. The goal is to make AI assisted software development not only technically effective, but also economically and environmentally sustainable.

    Core capability:
  • Correctness per unit cost
  • Reliability improvement per carbon footprint
  • Deployable and scalable model choices for software engineering tasks
  • Representative papers and assets:
  • LLM EcoBench Lite, ongoing benchmark project
  • Cost aware inference studies, ongoing research direction
  • Carbon footprint evaluation for AI assisted software engineering, ongoing research direction
  • Valuable asset to add:
  • A measurement study comparing small and large models across bug repair, code generation, testing, and workflow generation under accuracy, cost, and carbon constraints.

Theme 2: Mobile Security and Android Ecosystem Analysis

Understanding security, privacy risks, and malicious behaviors in large-scale mobile ecosystems through systematic analysis of applications, system mechanisms, and software supply chains.

Theme 2: Mobile Security and Android Ecosystem Analysis

Apps & Android OS Security

    Representative papers:
  • Unauthorized encrypted private data transmission (ICSE 2026) Top
  • Mobile Sharing Service Abuse (WWW 2022) Top
  • App Link Attack (FSE 2020) Top
  • Resource Race Attack (SANER 2020)
  • Diehard Android Apps (ASE 2020) Top

Malware Detection and Adversarial Analysis

    Representative papers:
  • Fine-grained malicious component detection (ASE 2023) Top
  • Adversarial attacks on deep learning apps (JSEP 2023)

App Ecosystem and Supply Chain Security

    Representative papers:
  • Android app bundle analysis (TSE 2025)
  • Third-party library and dependency analysis (ASE 2019,TSE 2021)
  • Repackaged Apps Detection (SANER 2019)
  • App Debloat (TSE 2022)

Theme 3: Empirical Software Engineering and User-Centric Analysis

Conducting large-scale empirical studies to understand software quality, developer behavior, and user feedback.

Theme 3: Empirical Software Engineering and User-Centric Analysis

Bug Analysis and Software Quality

    Representative papers:
  • Bug characterization in Jupyter systems (EASE 2025)
  • Defect prediction and software quality studies (SCP 2025, IJSEKE 2023, ICPADS 2021, WCMC 2021, TReli 2021, SAC 2021, QRS 2020, IST 2020, QRS 2019, ISSRE 2019, JCST 2019, JSS 2019a, JSS 2019b, IST 2018, ICPC 2018)

User Review and Feedback Mining

    Representative papers:
  • User-review-based bug localization (TSE 2022)
  • Feedback Analysis in SPL Forked Developments (SPLC 2025)