Publications

Publications

 

  • Ken (Yihang) Bai and Tuba Yavuz. MMIO Access-Based Coverage for Firmware Analysis. IEEE Computer and Network Security, 2023.
  • Ruochen Dai and Tuba Yavuz. A Symbolic Approach for Detecting Hardware Trojans Triggered by Don’t Care Transitions. ACM Trans. Des. Autom. Electron. Syst. 28, 2, Article 28 (March 2023), 31 pages. https://doi.org/10.1145/3558392.
  • Tuba Yavuz, Farhaan Fowze, Grant Hernandez, Ken (Yihang) Bai, Kevin Butler, and Dave (Jing) Tian. ENCIDER: Detecting Timing and Cache Side Channels in SGX Enclaves and Cryptographic APIs. To appear in IEEE Transactions on Dependable and Secure Computing early access
  • Christopher Brant and Tuba Yavuz. A Study on the Testing of Android Security Patches. IEEE CNS 2022: 217-225
  • Tuba Yavuz and Christopher Brant. Security Analysis of IoT Frameworks using Static Taint Analysis. Accepted for publication in the Proceedings of the 12th ACM Conference on Data and Application Security and Privacy, Baltimore-Washington DC, April 24-26, 2022.
  • Tuba Yavuz. SIFT: A Tool for Property Directed Symbolic Execution of Multithreaded Software. Accepted for publication in the Proceedings of the 15th IEEE International Conference on Software Testing, Verification and Validation (ICST 2022).(Testing Tools Track) (sift pre-print).
  • Farhaan Fowze and Tuba Yavuz. Finding Memory Vulnerabilities in Protocol Stack Implementations using Hybrid Program Analysis. NSysS 2021.
  • Farhan Fowze and Tuba Yavuz. SEESAW: A Tool for Detecting Memory Vulnerabilities in Protocol Stack Implementations. MEMOCODE 2021.
  • Tuba Yavuz. Verifying Absence of Hardware-Software Data Races using Counting Abstraction. MEMOCODE 2020: 1-6.
  • Tuba YavuzKen Yihang Bai: Analyzing system software components using API model guided symbolic execution. Autom. Softw. Eng. 27(3): 329-367 (2020).
  • Tuba Yavuz. Partial predicate abstraction and counter-example guided refinement. J. Log. Algebraic Methods Program. 110 (2020).
  • Farhaan Fowze, Dave (Jing) Tian, Grant Hernandez, Kevin Butler, and Tuba Yavuz. “ProXray: Protocol Model Learning and Guided Firmware Analysis”. To appear in the IEEE Transactions on Software Engineering. preprint early access link
  • Tuba Yavuz. “Detecting Callback Related Deep Vulnerabilities in Linux Device Drivers”. To appear in the proceedings of 2019 IEEE Secure Development Conference (SecDev), September 25-27, 2019, McLean, VA.
  • Grant Hernandez, Dave (Jing) Tian, Farhaan Fowze, Tuba Yavuz, Patrick Traynor, and Kevin Butler. “Towards Automated Firmware Analysis in the IoT Era.” IEEE Security and Privacy, April 2019.
  • Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, and Kevin Butler. “FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution”. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS’17), Dallas, USA, Oct.30th-Nov.3rd, 2017. paper.
  • Chelsea A. Metcalf and Tuba Yavuz. “Detecting Potential Deadlocks Through Change Impact Analysis”. To appear in Software Quality Journal, Springer. DOI: 10.1007/s11219-017-9377-3. (view only content) Invited to be presented at the journal-track of ICST’18.
  • Farhaan Fowze and Tuba Yavuz. “Specification, Verification, and Synthesis using Extended State Machines with Callbacks”. Proceedings of the 14th ACM-IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE 2016), Kanpur, India, November 18-20, 2016. bibtex paper slides
  • Tuba Yavuz. “Combining Predicate Abstraction with Fixpoint Approximations”. Proceedings of the 14th International Conference on Software Engineering and Formal Methods (SEFM 2016), Vienna, Austria, 4-8 July 2016. bibtex paper slides
  • Chelsea A. Metcalf, Farhaan Fowze, Tuba Yavuz, Jose Fortes. “Extracting Configuration Parameter Interactions using Static Analysis”. Proceedings of the 24th IEEE International Conference on Program Comprehension (ICPC 2016), Austin, Texas, May 2016.
  • KyungHee Kim, Tuba Yavuz-Kahveci, Beverly A. Sanders. “JRF-E: using model checking to give advice on eliminating memory model-related bugs”. Automated Software Engineering 19(4): 491-530 (2012).
  • Huafeng Jin, Tuba Yavuz-Kahveci, and Beverly Sanders. “Java Memory Model-Aware Model Checking”. Proceedings of the 18th International Conference, TACAS 2012.
  • Huafeng Jin, Tuba Yavuz-Kahveci, and Beverly Sanders. “Java Path Relaxer: Extending JPF for JMM-aware model checking”. In: JPF Workshop 11 (2011).
  • KyungHee Kim, Tuba Yavuz-Kahveci, and Beverly Sanders. “JRF-E: Using Model Checking to give Advice on Eliminating Memory Model-related Bugs”. Proceedings of 25th IEEE/ACM International conference on Automated Software Engineering (ASE 2010), Antwerp, Belgium, 20-24 September 2010.
  • KyungHee Kim, Tuba Yavuz-Kahveci, and Beverly Sanders. “Precise Data Race detection in Relaxed Memory Model using Heuristic based Model Checking”. Proceedings of 24th IEEE/ACM International conference on Automated Software Engineering (ASE 2009), Auckland, New Zealand, 16th-20th November 2009.
  • Tuba Yavuz-Kahveci, Tevfik Bultan. “Action Language verifier: an infinite-state model checker for reactive software specifications”. Formal Methods in System Design 35(3): 325-367 (2009)
  • Tuba Yavuz-Kahveci and Tevfik Bultan. “Verification of Parameterized Hierarchical State Machines Using Action Language Verifier”. In Proceedings of the Third ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE 2005). (.ps)
  • Tuba Yavuz-Kahveci, Constantinos Bartzis, and Tevfik Bultan. “Action Language Verifier, Extended”. Proceedings of the 17th International Conference on Computer Aided Verification (CAV 2005). (.ps) (.pdf)
  • Specification and Automated Verification of Concurrent Software Systems, Ph.D. thesis, Computer Science Department of University of California, Santa Barbara, September 2004. (.pdf)
  • Tuba Yavuz-Kahveci and Tevfik Bultan. “A Symbolic Manipulator for Automated Verification of Reactive Systems with Heterogeneous Data Types”. International Journal on Software Tools for Technology Transfer (STTT), special issue on selected papers from the 7th International Conference on Tools and Algorithms for the Construction and Analysis of Software Systems (TACAS 2001), vol. 5, no. 1, pp. 15-33, November 2003. (.pdf)
  • Tuba Yavuz-Kahveci and Tevfik Bultan. “Automated Verification of Concurrent Linked Lists with Counters”. Proceedings of the 9th International Static Analysis Symposium (SAS ’02), September 17-20, Madrid, Spain. (.pdf)
  • Tuba Yavuz-Kahveci and Tevfik Bultan. “Specification, Verification, and Synthesis of Concurrency Control Components”. Proceedings of the 2002 ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2002), July 22-24, 2002, Via di Ripette, Rome, Italy. (.pdf)
  • Tuba Yavuz-Kahveci and Tevfik Bultan. “Heuristics for Efficient Manipulation of Composite Constraints”. Proceedings of the 4th International Workshop on Frontiers of Combining Systems (FroCoS 2002), Alessandro Armando, ed., LNAI 2309, pp. 57-71, Springer, Santa Margherita Ligure, Italy, April 8-10, 2002. (.pdf)
  • Tevfik Bultan and Tuba Yavuz-Kahveci. “Action Language Verifier”. Proc. of 16th International Conference on Automated Software Engineering (ASE’01), San Diego, CA, U.S.A., November 26-29, 2001. (.pdf)
  • Tuba Yavuz-Kahveci, Murat Tuncer, and Tevfik Bultan. “A Library for Composite Symbolic Representations”. Proc. of 7th International Conference on Tools and Algorithms for Construction and Analysis of Systems (TACAS’01), Genova, Italy, April 2-6, 2001. (.pdf)
  • Tuba Yavuz-Kahveci, Tamer Kahveci, and Ambuj Singh. “Buffering of Multimedia Index Structures”, SPIE 2000, Boston.
  • Tuba Yavuz and H. Altay Guvenir. “An Application of K-Nearest Neighbor on Feature Projections Method to Text Categorization”. Proc. of the  13th International Symposium on Computer  and Information Sciences (ISCIS 98), Antalya, Turkey, October 26 – 28, 1998.
  • Tuba Yavuz and A. Pinar Saygin. “Query Processing in Context Oriented Retrieval of Information”. Proc. of Fourth International Conference on Computer Science and Informatics (CS&I’98), Research Triangle Park, NC., U.S.A., October 23-28, 1998.