{"640661":{"#nid":"640661","#data":{"type":"news","title":"Pioneering Program Analysis Paper Honored","body":[{"value":"\u003Cp\u003ESchool of Computer Science Professor \u003Ca href=\u0022https:\/\/www.cc.gatech.edu\/~orso\/\u0022\u003E\u003Cstrong\u003EAlessandro Orso\u003C\/strong\u003E\u003C\/a\u003E and his former student William Halfond won the IEEE\/ACM International Conference on \u003Ca href=\u0022https:\/\/conf.researchr.org\/home\/ase-2020\/\u0022\u003EAutomated Software Engineering (ASE)\u003C\/a\u003E 2020 Most Influential Paper award for their innovative program analysis work.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe award honors research that had the most impact out of the papers published that year. Orso and Halfond, who is now an associate professor at the University of Southern California, won for their paper, \u003Cem\u003EAMNESIA: Analysis and Monitoring for NEutralizing SQL-injection Attacks.\u003C\/em\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAmnesia is a fully automated technique for detecting and preventing one of the most catastrophic types of web application attacks.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EThe research\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESQL injection attacks (SQLIAs) inject malicious code into databases to expose information. This can lead to private information being leaked or even entire databases being corrupted. SQLIAs are one of the most prominent attack types, and at the time of this research, were considered the number-one threat for web applications.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EBefore Orso and Halfond introduced Amnesia, developers had to manually incorporate specific checks into their applications. 
This process was both time-consuming and prone to error.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAmnesia was the first fully automated technique for detecting and preventing SQLIAs that was widely applicable and successful.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;Our approach was based on the intuition that developers implicitly provide, in the web application code, a policy on what kind of database requests are allowed,\u0026rdquo; Orso said.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EWith this in mind, Amnesia\u0026rsquo;s approach did three things:\u003C\/p\u003E\r\n\r\n\u003Col\u003E\r\n\t\u003Cli\u003EExtracted a policy from the code using static analysis\u003C\/li\u003E\r\n\t\u003Cli\u003EChecked database requests against this policy\u003C\/li\u003E\r\n\t\u003Cli\u003EStopped requests that violated the policy, as they were likely SQLIAs\u003C\/li\u003E\r\n\u003C\/ol\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EThe impact\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe paper made ripples in the program analysis community.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;Our paper was one of the first papers that successfully applied program analysis techniques to the problem of SQLIAs,\u0026rdquo; Orso said.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAs a result, other research groups built on that work and its underlying idea. To date, the original paper has been cited over 700 times.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIt also jump-started Orso\u0026rsquo;s career. The concept became the basis for a project sponsored by the Department of Homeland Security, \u003Cem\u003EPreventing SQL Code Injection by Combining Static and Runtime Analysis\u003C\/em\u003E, in collaboration with Professor \u003Ca href=\u0022https:\/\/wenke.gtisc.gatech.edu\/\u0022\u003E\u003Cstrong\u003EWenke Lee\u003C\/strong\u003E\u003C\/a\u003E.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EOrso and Halfond continued to advance SQLIA detection and prevention in both their careers. 
The work also motivated Orso\u0026rsquo;s research group to develop general testing and analysis techniques for web applications \u0026mdash; work that ultimately became Halfond\u0026rsquo;s Ph.D. dissertation.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;Receiving this prestigious award from the research community for a paper already so close to my heart is a humbling, exciting, and incredibly rewarding experience that goes beyond my wildest expectations,\u0026rdquo; Orso said.\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"School of Computer Science Professor Alessandro Orso and his former student William Halfond won the IEEE\/ACM International Conference on Automated Software Engineering (ASE) 2020 Most Influential Paper award for their innovative program analysis work."}],"uid":"34541","created_gmt":"2020-10-27 18:46:52","changed_gmt":"2020-10-27 19:20:28","author":"Tess Malone","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2020-10-27T00:00:00-04:00","iso_date":"2020-10-27T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"640669":{"id":"640669","type":"image","title":"Alex Orso and William Halfond","body":null,"created":"1603826390","gmt_created":"2020-10-27 19:19:50","changed":"1603826390","gmt_changed":"2020-10-27 19:19:50","alt":"William Halfond and Alex Orso","file":{"fid":"243511","name":"OrsoHalfond.jpg","image_path":"\/sites\/default\/files\/images\/OrsoHalfond.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/OrsoHalfond.jpg","mime":"image\/jpeg","size":75456,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/OrsoHalfond.jpg?itok=SvNEl1c9"}}},"media_ids":["640669"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"50875","name":"School of Computer 
Science"}],"categories":[],"keywords":[],"core_research_areas":[],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ETess Malone, Communications Officer\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022mailto:tess.malone@cc.gatech.edu\u0022\u003Etess.malone@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}