Assertion Labs Research

Program Analysis & Formal Methods

Research at the intersection of static analysis, formal verification, and systems security. This page lists selected public work separately from active research areas and advisory services.

Research areas

WebAssembly Security
Binary-level analysis of WebAssembly modules, including vulnerability classification, symbolic execution, and runtime behavior.
Abstract Interpretation
Static analysis via abstract domains for reasoning about program properties without execution. Applied to compiled binaries and bytecode.
Formal Verification
Machine-checked and solver-aided reasoning about correctness properties in software systems.
Program Synthesis
Automated generation and validation of programs from specifications, with an emphasis on security-relevant transformations.
Evidence-Constrained Agentic Systems
Typed evidence, provenance, and deterministic validation around agent-proposed decisions in high-risk domains.

Publications

NSS 2024
Enhancing Network Security through Vulnerability Monitoring
Paper →

Conference paper with Anthony Gavazzi and Engin Kirda on vulnerability monitoring for network security.

Network Security Vulnerability Monitoring
IEEE S&P 2024
Holepunch: Fast, Secure File Deletion with Crash Consistency
Paper →

Conference paper with Zachary Ratliff, Wittmann Goh, Abe Wieland, and James Mickens on secure file deletion with crash consistency.

Systems Security Storage Crash Consistency
SANER 2023
Solder: Retrofitting Legacy Code with Cross-Language Patches
Paper →

Conference paper with Anthony Gavazzi and Engin Kirda on replacing vulnerable legacy C/C++ functions with memory-safe Rust patches.

Rust Program Analysis Security LLVM
USENIX Security 2023
A Study of Multi-Factor and Risk-Based Authentication Availability
Paper →

Conference paper with Anthony Gavazzi, Engin Kirda, Long Lu, Andre King, Andy Davis, and Tim Leek on MFA and risk-based authentication availability.

Authentication MFA Risk-Based Authentication
LNICST 2022
Breaking Embedded Software Homogeneity with Protocol Mutations
Paper →

Conference paper with Tongwei Ren, Sirshendu Ganguly, Lorenzo De Carli, and Long Lu on diversifying embedded software behavior through protocol mutations.

Embedded Systems Protocol Mutation Security
PETS 2022
Moby: A Blackout-Resistant Anonymity Network for Mobile Devices
Paper →

Conference paper with Amogh Pradeep, Hira Javaid, Antoine Rault, David Choffnes, Stevens Le Blond, and Bryan Alexander Ford on mobile anonymity under blackout conditions.

Anonymity Mobile Networks
USENIX Security 2021
Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code
Paper →

Conference paper with Mansour Ahmadi, Reza Mirzazade Farkhani, and Long Lu on detecting inconsistent implementations of functionally similar code.

Bug Finding Program Analysis Software Security
CHI 2021
"Naked and on Fire": Examining Player Agency Experiences in Narrative-Focused Gameplay
Paper →

Conference paper with Elin Carstensdottir, Erica Kleinman, and Magy Seif El-Nasr on player agency in narrative-focused gameplay.

Human-Computer Interaction Games Player Agency
TOSEM 2021
Guided Feature Identification and Removal for Resource-constrained Firmware
Paper →

Journal paper with Tongwei Ren, Lorenzo De Carli, Long Lu, and Gillian Smith on identifying and removing features from resource-constrained firmware.

Firmware Program Analysis Feature Removal
SOAP 2021
Weldr: Fusing Binaries for Simplified Analysis
Paper →

Workshop paper with Alexander Heinricher, Ava Klingbeil, and Alex Jordan on fusing binaries for simplified analysis.

Binary Analysis Program Analysis

Affiliations

Northeastern University
PhD, Computer Science · 2026
Graduate research in program analysis, systems security, and formal methods
IMDEA Software Institute
Visiting researcher
Formal techniques for synthesizing microarchitectural leakage contracts
Amazon Web Services
Senior Security Engineer
Authentication and authorization infrastructure at cloud scale