Memory corruption errors in C/C++ are a never-ending source of
security vulnerabilities. DCI is designed to prevent attacks that leak
information or change important variables without changing the program's
normal control flow.
CCBot (short for CodeContractsBot) is a tool for automatically inferring, inserting, and checking CodeContracts
in C# code. It was developed during my first internship at Micrsoft Research Redmond
under the supervision of my mentor Francesco Logozzo. The code is now open source on Github.
(August 2012 to July 2014)
We aim to develop an integrated wind
farm control infrastructure optimizing for safety, longetivity, and
Yuseok Jeon, Priyam Biswas, Scott A. Carr, Byoungyoung Lee, and Mathias Payer.
HexType: Efficient Detection of Type Confusion Errors for C++.
ACM Conference on Computer and Communication Security 2017. (to appear)
Priyam Biswas, Alessandro Di Federico, Scott A. Carr, Prabhu Rajasekaran, Stijn Volckaert, Yeoul Na, Michael Franz, and Mathias Payer.
Venerable Variadic Vulnerabilities Vanquished.
Usenix Security Symposium 2017.
Scott A. Carr, Mathias Payer.
Configurable Data Confidentiality and Integrity with DataShield.
ACM Asia Conference on Computer and Communications Security 2017. (pdf)
Scott A. Carr, Francesco Logozzo, Mathias Payer.
Automatic Contract Insertion with CCBot.
IEEE Transactions on Software Engineering. Volume 43. Issue 8, August 1 2017.
Nathan Burow, Scott A. Carr, Stefan Brunthaler, Mathias Payer, Joseph Nash, Per Larsen, Michael Franz.
Control-Flow Integrity: Precision Security and Performance
ACM Computing Surveys. Volume 50. Issue 1. April 2017.
Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, Dawn Song.
VTrust: Regaining Trust on Virtual Calls.
Internet Society Network and Distributed System Security Symposium 2016.
Scott A. Carr, Neil Pittman.
Extending gNOSIS for System Verilog HDL Static Analysis.
Microsoft Research Technical Report: MSR-TR-2015-68.
Scott A. Carr, Mathias Payer. Poster:
Data Confidentiality and Integrity.
IEEE Symposium on Security and Privacy 2015.
Sungmin Kim, Douglas E. Adams , Hoon Sohn, Gustavo Rodriguez-Rivera, Jan Vitek, Scott A. Carr, Ananth Grama.
Validation of Vibro-Acoustic Modulation of Wind Turbine Blades for Structural Health Monitoring Using Operational Vibration as a Pumping Signal.
International Workshop on Structural Health Monitoring 2013.