Bhargava Shastry
PhD Student, SecT, TU Berlin.
Education
2013-2018
Ph.D. Electrical Engineering and Computer Science, SecT, TU Berlin.
Dissertation title: Compiler Assisted Vulnerability Discovery
Over the past five years, I have developed expertise in C/C++ code security audits, and compiler-driven static and dynamic vulnerability analyses. My work has contributed to four peer-reviewed scientific publications on the topic which I have conceptualized and led, and several others which I have actively contributed to. Moreover, the tools I have written have helped uncover tens of vulnerabilities in open source networking software such as tcpdump, snort++, and Open vSwitch.
2008-2010
M.Sc. Computer Science, Ecole Polytechnique Federale de Lausanne.
At EPFL, I obtained a master's degree in computer science with a specialization in computer engineering. My master's thesis is titled “DPA attacks on certain cryptographic primitives on a common 8-bit microcontroller”. This work benefited from my specialisation and kindled my interest in computer security.
2003-2007
B.Tech Electrical and Electronics Engineering, National Institute of Technology Karnataka.
Experience
Jan 2019-Present
Security Engineer, Ethereum Foundation.
Aug 2012-May 2013
Research Assistant, Computer Security Lab, Rice University.
At Rice University, I consulted on a security-program analysis project focused on large-scale analysis of Tizen mobile applications. Specifically, I enumerated the ways in which security-critical information flows from user input gathering APIs to data processing end points (sinks). My work contributed to the first security analysis of Tizen applications.
June 2011-May 2012
Research Employee, Fraunhofer Secure IT Institute, Darmstadt.
At Fraunhofer SIT, I ported the TOMOYO Mandatory Access Control (MAC) system to Android. I also contributed to the design and development of an Android phone prototype with enhanced security features. The work has been published in top-tier security conferences.
July 2007-July 2008
Software Engineer, Ittiam Systems Private Limited, Bangalore.
At Ittiam, I worked as a software development and testing engineer. I wrote C code for adding new features to the Voice over IP phone, Ittiam’s flagship product. Moreover, I was actively involved in fixing bugs, and serving as the point of contact for customers in remote locations.
March-July 2009
Student Assistant, EPFL+ECAL Lab, Lausanne.
At the ECAL lab, I implemented OpenCV extensions for a media research project.
Summer 2006
Intern, Ittiam Systems Private Limited, Bangalore.
As an intern at Ittiam, I designed an experiment to measure and analyze audio jitter in Ittiam VoIP phones so that Ittiam’s jitter reduction could be quantitatively and qualitatively evaluated.
Talks
OvS Orbit Interview
Podcast discussion with Ben Pfaff on my security audit of OvS and fuzzing frameworks
RAID'17
Static Program Analysis as a Fuzzing Aid
WOOT'17
Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing
WOOT'17
Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery
DIMVA'16
Towards Vulnerability Discovery Using Staged Program Analysis
MoST'14
A First Look at Firefox OS Security
Awards
2018
Best paper award for “Taking Control of SDN-based Cloud Systems via the Data Plane” at SOSR’18
K. Thimmaraju, B. Shastry, T. Fiebig, F. Hetzelt, J.P. Seifert, A. Feldmann, S. Schmid.
2012/2017
USENIX Student Grant.
2009-10
Swiss Government Excellence Scholarship.
2007
Best paper presentation award for “Advanced Educational Tools for Modeling, Simulation, Implementation and Real-Time Testing of Modern Power System Protection Schemes-Particular Reference to Distance Protection” at the National Systems Conference (India) 2007
U.J. Shenoy, K.R. Satheesh, B.S. Kavyashree, B. Shastry
2006
Young Engineering Fellow, Indian Institute of Science, Bangalore.
Coding Skills
- C, C++, Python, Java, Bash
Professional Activities
Security Audits
snort++
tcpdump
Open vSwitch
GNU libosip2
OSS-Fuzz Integrations
Open vSwitch
libcoap
xmlsec
Reviewer
WOOT’14, MASCOTS’16, COMNET’17
Press
18 April 2017
Code-sharing leads to widespread bug sharing that black-hats can track
Our study on the relationship between vulnerable tutorials and real-world code was covered by The Register.
Teaching
Software Security, Computer Security Seminar, Telecommunications Security
References
Available on request.