Portfolio item number 1
Short description of portfolio item number 1
Posts by Collection
portfolio
Portfolio item number 2
Short description of portfolio item number 2
publications
SecureImgStego: A Keyed Shuffling-based Deep Learning Model for Secure Image Steganography
Published in 2023 IEEE Conference on Communications and Network Security (CNS), 2023
In this study, we uncovered the inherent vulnerabilities in deep learning based steganogaphic systems, and proposed simple shuffling based solution to mitigate that.
How Quickly Do Developers Update Their Vulnerable Dependencies?
Published in arxiv, 2024
We quantified the updatedness of dependencies and updatedness of vulnerable dependencies in the context of open source dependencies in this project. The idea is very common in Reliability domain (e.g., Mean-Time-To-Update, Mean-Time-To-Repair, Mean-Time-To-Remediate). We did a large-scale study of our proposed update metrics in NPM, PyPI, and Cargo packages.
What’s in a Package? Getting Visibility Into Dependencies Using Security-Sensitive API Calls
Published in arxiv, 2024
We made a list of Security Sensitive APIs in Java using JDK documentation, past CVE fixes, and CWE examples. We then measured the prevalence of these Security-Sensitive API usage in our chosen 45 Java packages and in their dependencies. We finally conducted a developer survey to validate whether security-sensitive API information can be helpful in selecting dependencies.
Towards a Taxonomy of Challenges in Security Control Implementation
Published in 2024 Annual Computer Security Applications Conference (ACSAC), 2024
A taxonomy of challenges encountered when implementing security controls.
S3C2 Summit 2024-09: Industry Secure Software Supply Chain Summit
Published in arxiv, 2025
An industry-focused summit report on secure software supply chains.
If you cannot Measure it, you cannot Secure it: A Case Study on Metrics for Informed Choice of Security Controls
Published in Journal of Information Security and Applications, 2025
A case study on metrics that inform selection of security controls.
Research Directions in Software Supply Chain Security
Published in ACM Transactions on Software Engineering and Methodology, 2025
A roadmap of research directions for software supply chain security.
Relative Positioning Based Code Chunking Method For Rich Context Retrieval In Repository Level Code Completion Task With Code Language Model
Published in Context Collection Workshop 2025 (co-located with ASE 2025), 2025
A code chunking method for richer context retrieval in repository-level code completion.
Which Is Better For Reducing Outdated and Vulnerable Dependencies: Pinning or Floating?
Published in 40th IEEE/ACM International Conference on Automated Software Engineering, ASE 2025, 2025
An empirical comparison of pinning vs. floating dependency declarations.
talks
Talk 1 on Relevant Topic in Your Field
Published:
This is a description of your talk, which is a markdown files that can be all markdown-ified like any other post. Yay markdown!
Conference Proceeding talk 3 on Relevant Topic in Your Field
Published:
This is a description of your conference proceedings talk, note the different field in type. You can put anything in this field.
teaching
Teaching experience 1
Undergraduate course, University 1, Department, 2014
This is a description of a teaching experience. You can use markdown like any other post.
Teaching experience 2
Workshop, University 1, Department, 2015
This is a description of a teaching experience. You can use markdown like any other post.