Bhargava Shastry

PhD Student, SecT, TU Berlin.

Education



2013-2018 Ph.D. Electrical Engineering and Computer Science, SecT, TU Berlin.

Dissertation title: Compiler Assisted Vulnerability Discovery

Over the past five years, I have developed expertise in C/C++ code security audits, and compiler-driven static and dynamic vulnerability analyses. My work has contributed to four peer-reviewed scientific publications on the topic which I have conceptualized and led, and several others which I have actively contributed to. Moreover, the tools I have written have helped uncover tens of vulnerabilities in open source networking software such as tcpdump, snort++, and Open vSwitch.

2008-2010 M.Sc. Computer Science, Ecole Polytechnique Federale de Lausanne.

At EPFL, I obtained a master's degree in computer science with a specialization in computer engineering. My master's thesis is titled “DPA attacks on certain cryptographic primitives on a common 8-bit microcontroller”. This work benefited from my specialisation and kindled my interest in computer security.

2003-2007 B.Tech Electrical and Electronics Engineering, National Institute of Technology Karnataka.

Experience



Jan 2019-Present Security Engineer, Ethereum Foundation.

Aug 2012-May 2013 Research Assistant, Computer Security Lab, Rice University.

At Rice University, I consulted on a security-program analysis project focused on large-scale analysis of Tizen mobile applications. Specifically, I enumerated the ways in which security-critical information flows from user input gathering APIs to data processing end points (sinks). My work contributed to the first security analysis of Tizen applications.

June 2011-May 2012 Research Employee, Fraunhofer Secure IT Institute, Darmstadt.

At Fraunhofer SIT, I ported the TOMOYO Mandatory Access Control (MAC) system to Android. I also contributed to the design and development of an Android phone prototype with enhanced security features. The work has been published in top-tier security conferences.

July 2007-July 2008 Software Engineer, Ittiam Systems Private Limited, Bangalore.

At Ittiam, I worked as a software development and testing engineer. I wrote C code for adding new features to the Voice over IP phone, Ittiam’s flagship product. Moreover, I was actively involved in fixing bugs, and serving as the point of contact for customers in remote locations.

March-July 2009 Student Assistant, EPFL+ECAL Lab, Lausanne.

At the ECAL lab, I implemented OpenCV extensions for a media research project.

Summer 2006 Intern, Ittiam Systems Private Limited, Bangalore.

As an intern at Ittiam, I designed an experiment to measure and analyze audio jitter in Ittiam VoIP phones so that Ittiam’s jitter reduction could be quantitatively and qualitatively evaluated.

Talks



OvS Orbit Interview Podcast discussion with Ben Pfaff on my security audit of OvS and fuzzing frameworks

RAID'17 Static Program Analysis as a Fuzzing Aid

WOOT'17 Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing

WOOT'17 Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery

DIMVA'16 Towards Vulnerability Discovery Using Staged Program Analysis

MoST'14 A First Look at Firefox OS Security

Awards



2018 Best paper award for “Taking Control of SDN-based Cloud Systems via the Data Plane” at SOSR’18
K. Thimmaraju, B. Shastry, T. Fiebig, F. Hetzelt, J.P. Seifert, A. Feldmann, S. Schmid.

2012/2017 USENIX Student Grant.

2009-10 Swiss Government Excellence Scholarship.

2007 Best paper presentation award for “Advanced Educational Tools for Modeling, Simulation, Implementation and Real-Time Testing of Modern Power System Protection Schemes-Particular Reference to Distance Protection” at the National Systems Conference (India) 2007
U.J. Shenoy, K.R. Satheesh, B.S. Kavyashree, B.Shastry

2006 Young Engineering Fellow, Indian Institute of Science, Bangalore.

Coding Skills


Professional Activities



Security Audits snort++, tcpdump, Open vSwitch, GNU libosip2

OSS-Fuzz Integrations Open vSwitch, libcoap, xmlsec

Reviewer WOOT’14, MASCOTS’16, COMNET’17

Press



18 April 2017 Code-sharing leads to widespread bug sharing that black-hats can track
Our study on the relationship between vulnerable tutorials and real-world code was covered by The Register.

Teaching



Software Security, Computer Security Seminar, Telecommunications Security

References



Available on request.