We are targeting both Java programs and Windows binaries (without source or debug information). In both cases we are combining static analysis (provided by Kestrel Technology's Codehawk) with runtime analysis. Code that can not be shown to be safe statically can be instrumented at runtime. We are developing a variety of instrumentation ranging from binary program shepherding to taint analysis. We have wide range of openings in both Java analysis and binary analysis. These include UROPS (immediately and in the summer and fall), MEng students, graduate students, postdocs, and staff.
All of the research requires proficiency in either C or Java. Experience and/or interest in the one or more of the following areas is very helpful as well:
If you are interested, please contact Jeff Perkins <jhp@csail.mit.edu>