IIIT, Prof. CR Rao Road
Gachibowli, Hyderabad (AP) - 500 032 INDIA
Ph: +(91) 40- 6653 1587
Hi... I am a computer science researcher, working in the field of information security. My research journey began during my M.Phil. course when I started studying Cryptography. At some 'carrefour', the journey took a turn in the direction of network security... And I started working on intrusion detection systems which became the subject of my PhD thesis. The journey continued in the same direction until I reached another 'carrefour' to take a turn in the direction of "program analysis and security of software"....
Now I am focusing on static/dynamic security program analysis of binary (executable) code and smart fuzzing..
I joined IIIT, Hyderabad as assistant professor. I am part of CSTAR group (Center for Security, Theory & Algorithmic Research)
In the recent past, I worked at Verimag and LIG labs on Vulcain (vulnerability analysis) and DIAMONDS projects.
My CV provides more details.
My research interests include:
- Static & Dynamic Security Program Analysis
- Intelligent fuzzing using evolutionary algorithms
- Vulnerability analysis
- Intrusion detection/prevention systems
- Machine learning and data mining in security
- Autonomic security and artificial immune system
- Apart from above, I also take interest in other aspects of network security, including secure network design, firewalls etc.
- IIIT-H, Assistant Professor, Feb 2014 -
- VNR VigyanJyoti IET, Associate Professor, Aug, 2014 - Dec, 2014
- Verimag/LIG, Uni. Grenoble, France, Postdoc, Dec, 2009 - May, 2013
- Infosys Labs, research Associate, Dec, 2008 - Nov, 2009
- University of Trento, Italy, Postdoc, Mar, 2007 - Oct, 2007
- Intoto Softwares (now FreeScale), Security Research Engineer, Jun, 2005 - Feb, 2007
- IDRBT, Research Fellow, Jan, 2001 - Jun, 2005.
- "Computer System Organization, UG course, Spring, 2015.
- "System and Network Security" UG/PG course, Spring 2015.
- "Research in Information Security" Advanced course in information Security, Monsoon 2014(More info HERE).
- "Advanced Computer Networks", Monsoon 2014 (More info HERE).
- "Network and System Security", Winter 2014 (volunteering few lectures in this course, mainly on software vulnerabilities).
- "Computer Organization", to UG class of IIIT Sri City, Winter 2014 (currently operating from IIIT campus). Course info will be updated soon
- Principles of Information Security" to MTech in Computer networks & information security, at VNR VJIET, Hyderabad. Course info is available Here
In the distant past, I have taught:
- Intermediate Representation slides (By Prof. Alex Aiken, Stanford).
- Code Optimization slides1, slides2 (by Prof. Alex Aiken, Stanford).
- Code Optimization and Code Generation slides (By Prof. Laurent Mounier, Verimag, Grenoble.)
- Cryptography and Number Theory (1999-200)
- Network Security -Firewalls and Intrusion Detection (2002 -2003).
My very recent publications (on vulnerability analysis)
- Sanjay Rawat, Laurent Mounier and Marie-Laure Potet, "LiSTT: An Investigation into Unsound-incomplete Yet Practical Result Yielding Static Taintflow Analysis",
Accepted in: ARES workshop International Software Assurance Workshop (SAW 2014), University of Fribourg, Switzerland, Fribourg, Switzerland, 8th - 12th September 2014.
- Vijayendra Grampurohit, Vijay Kumar, Sanjay Rawat, Shatrunjay Rawat, "Category Based Malware detection for Android",
Accepted in: Second International Symposium on Security in Computing and Communications (SSCC’14), September 24-27,2014, Greater Noida, Delhi, India.
- Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz, KameleonFuzz: Evolutionary Fuzzing for Black-Box XSS Detection, Accepted in: ACM CODASPY, San Antonio, TX, USA, 2014.
- Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz, KameleonFuzz: The day Darwin drove my XSS Fuzzer! (short version), 1st European workshop on Web Application Security Research (WASR) with OWASP AppSecEU, 2013.
- Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz, LigRE: Reverse-Engineering of Control and Data Flow Models for Black-Box XSS Detection", Accepted in: WCRE, Koblenz, Germany, Oct 2013. [PDF]
- Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz, A hesitation step into the blackbox: Heuristic based Web-Application Reverse-engineering" , Accepted in: NoSuchCon (NSC), Paris, France May 2013.
- Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz, "KameleonFuzz : Smart-Fuzzing Evolutionnaire pour Detection Precise de XSS Type-2 en Boite Noire", Accepted in: Symposium sur la securite des technologies de l'information et des communications (SSTIC), Rennes Beaulieu Sud, France, 5-7 June 2013.
- Gustavo Grieco, Laurent Mounier, Marie-Laure Potet, Sanjay Rawat, A stack model for symbolic buffer overflow exploitability analysis (Extended Abstract)", Accepted in: 5th Workshop on the Constraints in Software Testing, Verification and Analysis CSTVA 2013 (in association with ICST 2013), Luxembourg, March 2013.
- Sanjay Rawat, Fabien Duchene, Roland Groz and Jean-Luc Richier, "Evolving Indigestible Codes: Fuzzing Interpreters with Genetic Programming",
Accepted in: IEEE Symposium on Computational Intelligence in Cyber Security (CICS 13), in association with IEEE SSCI 2013, 15 Mon -19 Fri April 2013, Singapore.
- Sanjay Rawat and Laurent Mounier, "Finding Buffer Overflow Inducing Loops in Binary Executables",
In Proc. of the IEEE International Conference on Software Security and Reliability (SERE) 2012, June 2012, Washington DC, USA. PDF
- Sanjay Rawat, Laurent Mounier, Value-Set-Analysis of Assembly (REIL) Programs (Technical Report), Verimag Technical Report, 2011.
- Fabien Duchene, Roland Groz, Sanjay Rawat, Jean-Luc Richierr, "XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing",
In proc. of the Third International Workshop on Security Testing (SECTEST), in association with ICST 2012, Montreal, IEEE CS press, April 2012
- Sanjay Rawat and Laurent Mounier, "Offset-Aware Mutation based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results",
In proc. of The Second International Workshop on Security Testing (SECTEST) , in association with ICST 2011, Berlin, IEEE CS press, March 2011 (short paper) PDF
- Sanjay Rawat and Laurent Mounier, "An Evolutionary Computing Approach for Hunting Buffer Overflow Vulnerabilities: A case of aiming in dim light"
In the proc. of 6th EC2ND (European Conference on Computer Network Defense, Berlin, Oct 2010, IEEE CS, pp 37 - 45. PDF
My articles and citations as collected by Google Scholar For some reason, my DBLP entries are messed-up. As a result, it does not reflect the correct state of my publications => do not assess me on the basis of mere DBLP list.
We have released the tool to find "buffer overflow prone" (BOP) functions as described in our SERE 2012 paper. The zipped file of the source code can be downloaded HERE . The same is also available via GITHUB: https://github.com/tosanjay/BOPFunctionRecognition.git. If you use the tool and find it interesting, please cite our SERE paper, as given above in the publication section.
Some of the other important publications are available on my other home page
My older home page contains some more information about my work and interest.
Hmmm... so, working with 1s and 0s is not friendly :)