Atlanta, GA | Posted: October 27, 2020
School of Computer Science Professor Alessandro Orso and his former student William Halfond won the IEEE/ACM International Conference on Automated Software Engineering (ASE) 2020 Most Influential Paper award for their innovative program analysis work.
The award honors research that had the most impact out of the papers published that year. Orso and Halfond, who is now an associate professor at the University of Southern California, won for their paper, AMNESIA: Analysis and Monitoring for NEutralizing SQL-injection Attacks.
Amnesia is a fully automated technique for detecting and preventing one of the most catastrophic types of web application attacks.
The research
SQL injection attacks (SQLIAs) inject malicious SQL code into the queries an application sends to its database in order to expose information. This can lead to private information being leaked or even entire databases being corrupted. SQLIAs are one of the most prominent attack types, and at the time of this research, were considered the number-one threat for web applications.
Before Orso and Halfond introduced Amnesia, developers had to manually incorporate specific checks into their applications. This process was both time-consuming and prone to error.
Amnesia was the first fully automated technique for detecting and preventing SQLIAs that was widely applicable and successful.
“Our approach was based on the intuition that developers implicitly provide, in the web application code, a policy on what kind of database requests are allowed,” Orso said.
With this in mind, Amnesia’s approach did three things:
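As an added illustration (not the paper's or the tool's own code), this Python sketch shows the intuition in Orso's quote: the string-building code implicitly defines which query shapes are legitimate, so a model derived from that code can be checked against every concrete query before it reaches the database. The names HOLE, build_model, conforms and the login query are constructed for this example.

```python
import re
from typing import List, Optional, Tuple

# Constructed illustration of the AMNESIA idea, not the tool's own code: the way the
# application concatenates its query is the policy; anything structurally different is refused.

HOLE = "__AMNESIA_HOLE__"  # sentinel standing in for a value spliced in at run time
TOKEN_RE = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|[A-Za-z_][A-Za-z0-9_]*|<>|<=|>=|\S")

def tokenize(sql: str) -> List[Tuple[str, str]]:
    """Split SQL into (kind, text) pairs: 'lit' for string/number literals, 'sym' for the rest."""
    out = []
    for tok in TOKEN_RE.findall(sql):
        kind = "lit" if tok[0] == "'" or tok[0].isdigit() else "sym"
        out.append((kind, tok if kind == "lit" else tok.upper()))
    return out

def build_model(template: str) -> List[Optional[Tuple[str, str]]]:
    """Static phase: tokenize the query as the code wrote it, with each variable part
    replaced by HOLE; every HOLE position becomes a slot (None) that may hold exactly
    one literal token when the real query is built."""
    return [None if HOLE in text else (kind, text) for kind, text in tokenize(template)]

def conforms(model: List[Optional[Tuple[str, str]]], query: str) -> bool:
    """Runtime phase: the concrete query must match the model token for token. A slot
    accepts a single literal, so injected keywords, operators or extra literals change
    the token sequence and the query is refused before it reaches the database."""
    toks = tokenize(query)
    if len(toks) != len(model):
        return False
    return all((m is None and t[0] == "lit") or m == t for m, t in zip(model, toks))

# The "application code" for a login check; the model is derived from that same code.
def build_login_query(name: str, password: str) -> str:
    return "SELECT id FROM users WHERE name = '" + name + "' AND pass = '" + password + "'"

LOGIN_MODEL = build_model(build_login_query(HOLE, HOLE))

def check_login_query(name: str, password: str) -> bool:
    """True if the query built from these inputs is allowed to reach the database."""
    return conforms(LOGIN_MODEL, build_login_query(name, password))

if __name__ == "__main__":
    print(check_login_query("alice", "s3cret"))   # True: two literals fill the two slots
    print(check_login_query("' OR '1'='1", "x"))  # False: extra OR and literal tokens
    print(check_login_query("admin'--", "x"))     # False: comment marker breaks the structure
```

The same slot mechanism covers unquoted numeric contexts (`WHERE id = ` followed by a value), since a slot is defined by the sentinel's position rather than by quoting.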
The impact
The paper made ripples in the program analysis community.
“Our paper was one of the first papers that successfully applied program analysis techniques to the problem of SQLIAs,” Orso said.
As a result, other research groups built on that work and its underlying idea. To date, the original paper has been cited over 700 times.
It also jump-started Orso’s career. The concept became the basis for a project sponsored by the Department of Homeland Security, Preventing SQL Code Injection by Combining Static and Runtime Analysis, in collaboration with Professor Wenke Lee.
Orso and Halfond continued to advance the SQLIA detection and prevention area in both their careers. The work also motivated Orso’s research group to develop general testing and analysis techniques for web applications — work that ultimately became Halfond’s Ph.D. dissertation.
“Receiving this prestigious award from the research community for a paper already so close to my heart is a humbling, exciting, and incredibly rewarding experience that goes beyond my wildest expectations,” Orso said.