2, avenue de Vignate
38610 GIERES - FRANCE
Ph: +(33) 04 56 52 03 73
Hi... I am working in Verimag and LIG labs on Vulcain (vulnerability analysis) and DIAMONDS projects.
My CV provides more details.
My Postdoc contract is coming to the end in May 2013. Therefore, I am looking for some position. If you find my profile intresting and have some opportunity that matches well with my profile, please drop me a mail. My CV is: academic positions, Industrial Positions. :)
My research interests include:
- Static & Dynamic Security Program Analysis
- Intelligent fuzzing using evolutionary algorithms
- Vulnerability analysis
- Intrusion detection/prevention systems
- Machine learning and data mining in security
- Autonomic security and artificial immune system
- Apart from above, I also take interest in other aspects of network security, including secure network design, firewalls etc.
In the past, I have taught:
- Intermediate Representation slides (By Prof. Alex Aiken, Stanford).
- Code Optimization slides1, slides2 (by Prof. Alex Aiken, Stanford).
- Code Optimization and Code Generation slides (By Prof. Laurent Mounier, Verimag, Grenoble.)
- Cryptography and Number Theory (1999-200)
- Network Security -Firewalls and Intrusion Detection (2002 -2003).
My very recent publications (on vulnerability analysis)
- Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz, A hesitation step into the blackbox: Heuristic based Web-Application Reverse-engineering" , Accepted in: NoSuchCon (NSC), Paris, France May 2013.
- Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz, "KameleonFuzz : Smart-Fuzzing Evolutionnaire pour Detection Precise de XSS Type-2 en Boite Noire", Accepted in: Symposium sur la securite des technologies de l'information et des communications (SSTIC), Rennes Beaulieu Sud, France, 5-7 June 2013.
- Gustavo Grieco, Laurent Mounier, Marie-Laure Potet, Sanjay Rawat, A stack model for symbolic buffer overflow exploitability analysis (Extended Abstract)", Accepted in: 5th Workshop on the Constraints in Software Testing, Verification and Analysis CSTVA 2013 (in association with ICST 2013), Luxembourg, March 2013.
- Sanjay Rawat, Fabien Duchene, Roland Groz and Jean-Luc Richier, "Evolving Indigestible Codes: Fuzzing Interpreters with Genetic Programming",
Accepted in: IEEE Symposium on Computational Intelligence in Cyber Security (CICS 13), in association with IEEE SSCI 2013, 15 Mon -19 Fri April 2013, Singapore.
- Sanjay Rawat and Laurent Mounier, "Finding Buffer Overflow Inducing Loops in Binary Executables",
In Proc. of the IEEE International Conference on Software Security and Reliability (SERE) 2012, June 2012, Washington DC, USA. PDF
- Sanjay Rawat, Laurent Mounier, Value-Set-Analysis of Assembly (REIL) Programs (Technical Report), Verimag Technical Report, 2011.
- Fabien Duchene, Roland Groz, Sanjay Rawat, Jean-Luc Richierr, "XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing",
In proc. of the Third International Workshop on Security Testing (SECTEST), in association with ICST 2012, Montreal, IEEE CS press, April 2012
- Sanjay Rawat and Laurent Mounier, "Offset-Aware Mutation based Fuzzing for Buffer Overflow Vulnerabilities: Few Preliminary Results",
In proc. of The Second International Workshop on Security Testing (SECTEST) , in association with ICST 2011, Berlin, IEEE CS press, March 2011 (short paper) PDF
- Sanjay Rawat and Laurent Mounier, "An Evolutionary Computing Approach for Hunting Buffer Overflow Vulnerabilities: A case of aiming in dim light"
In the proc. of 6th EC2ND (European Conference on Computer Network Defense, Berlin, Oct 2010, IEEE CS, pp 37 - 45. PDF
My articles and citations as collected by Google Scholar For some reason, my DBLP entries are messed-up. As a result, it does not reflect the correct state of my publications => do not assess me on the basis of mere DBLP list.
We have released the tool to find "buffer overflow prone" (BOP) functions as described in our SERE 2012 paper. The zipped file of the source code can be downloaded HERE . The same is also available via GITHUB: https://github.com/tosanjay/BOPFunctionRecognition.git. If you use the tool and find it interesting, please cite our SERE paper, as given above in the publication section.
Some of the other important publications are available on my other home page
My older home page contains some more information about my work and interest.
Hmmm... so, working with 1s and 0s is not friendly :)