Muath Alkhalaf

Muath Alkhalaf

Academic Level: 
Alumnus/Alumna
Degrees earned: 
M.S., Ph.D.
Employer: 
King Saud University
Email: 
muath @t cs dot ucsb dot edu
Website Link: 
Muath Alkhalaf
Advisor: 
Tevfik Bultan

Education

  • King Saud University - Riyadh - Saudi Arabia
  • University of California Santa Barbara - Santa Barbara - California - USA

Bio

I am Muath Alkhalaf a PhD student at UCSB in Computer Science Department. I am a member of Software Verification Lab supervised by Prof. Tevfik Bultan.

Currently I am working on verification of input validation and sanitization in web applications. I am a co-developer of Stranger "an Automata Based String Analysis Tool for PHP Web Applications".

Research

  1. Fang Yu, Muath Alkhalaf, Tevfik Bultan and Oscar H. Ibarra. "Automata-Based Symbolic String Analysis for Vulnerability Detection." Formal Methods in System Design, pages 1-27, September 2013
  2. Muath Alkhalaf, Shauvik Roy Choudhary, Mattia Fazzini, Tevfik Bultan, Alessandro Orso and Christopher Kruegel. "ViewPoints: Differential String Analysis for Discovering Client and Server-Side Input Validation Inconsistencies." Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA 2012).
  3. Muath Alkhalaf, Tevfik Bultan, and Jose L. Gallegos. "Verifying Client-Side Input Validation Functions Using String Analysis." Proceedings of the 34th International Conference on Software Engineering (ICSE 2012), pages 947-957, Zurich, Switzerland, June 2-9, 2012.
  4. Fang Yu, Muath Alkhalaf and Tevfik Bultan. "Patching Vulnerabilities with Sanitization Synthesis." Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011), pages 251-260, Waikiki, Honolulu , Hawaii, USA, May 21-28, 2011.
  5. Fang Yu, Muath Alkhalaf and Tevfik Bultan. "Stranger: An Automata-based String Analysis Tool for PHP." Tool paper. Proceedings of the 16th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2010), LNCS 6015, pages 154-157, Paphos, Cyprus, March 20-28, 2010.
  6. Sylvain Halle, Tevfik Bultan, Graham Hughes, Muath Alkhalaf and Roger Villemaire. "Runtime Verification of Web Service Interface Contracts." IEEE Computer, volume 43, number 3, pages 59-66, March 2010.
  7. Sylvain Halle, Graham Hughes, Tevfik Bultan, and Muath Alkhalaf. "Generating Interface Grammars from WSDL for Automated Verification of Web Services." Proceedings of the 7th International Conference on Service Oriented Computing (ICSOC 2009), pp. 516-530, Stockholm, Sweden, November 24-27, 2009
  8. Fang Yu, Muath Alkhalaf and Tevfik Bultan. "Generating Vulnerability Signatures for String Manipulating Programs Using Automata-based Forward and Backward Symbolic Analyses." Short paper. Proceedings of the 24th IEEE/ACM International Conference on Automated Software Engineering (ASE 2009), pp. 605-609, Auckland, New Zealand, November 16-20, 2009
  9. Graham Hughes, Tevfik Bultan and Muath Alkhalaf. "Client and Server Verification for Web Services Using Interface Grammars." Proceedings of the Workshop on Testing, Analysis and Verification of Web Software (TAV-WEB 2008), pp. 40-46, Seattle, Washington, July 21, 2008