My research interests lie in the intersection of security and programming language. The goal is to strengthen the security of software applications by using the properties of
programming languages. Techniques that commonly involved in my research work include: Security Type Systems, Data/Control Flow Analysis, Formal Proof, Constraint Solvers, Compiler and etc.
- Information Flow Security: Protecting sensitive information that
used by computing systems has been a vital task in information security. Existing security practices can not guarantee that the end-to-end behavior
of the system will satisfy important security policies, such as confidentiality. Information flow security is a promising approach to such
security enforcement. It aims to protect confidential data used in computing systems. It studies how information propagates through the system and
provide end-to-end security guarantee for no disclosure of sensitive data.
- Fault Localizations: Debugging is a painful process in software development. Attempts
to reduce the number of delivered faults in software are estimated to consume 50% to 80% of the development and maintenance effort. Given the
complexity of software systems, tracing back from the failure to its cause generates a long list of suspicious locations that is hardly useful for
programmers. Fault localization technique directs a programmer’s attention to specific parts of a program as potential locations of the errors. In the
short-term, fault localization improves the efficiency of debugging; in the long-term, it will be one key enabling technique for developing tools to
automatically fix the errors.