Saeid Tizpaz-Niari
PhD Candidate at CU Boulder
Email: {saeid.tizpazniari}at{
Address: ECCS 121, CS Department, CU Boulder

The key theme in my research is to automate the process of finding and localizing bugs and vulnerabilities in large-scale software systems. In particular, I am interested in analyzing non-functional properties of software systems at runtime such as the response times. My findings help discover multiple performance bugs in popular ML libraries such as scikit-learn and timing side-channel vulnerabilities in critical Java libraries such as OpenJDK ([1],[2],[3]).  My advisors are Prof. Pavol Cerny and  Ashutosh TrivediI will be joining to CS department at University of Texas El Paso (UTEP) as a tenure-track Assistant Professor starting Fall 2020.

Research Area
  • Application of Machine Learning for Software Security and Performance
  • Static and Dynamic Analysis for Software Security and Performance
  • Performance and Security Analysis of Machine Learning Algorithms

      Talks and Lectures


        Projects: (Program Analysis + Machine Learning for security and performance)
        Application of machine learning techniques for finding performance/security bugs [ISSTA'20,NDSS'20,RV'19,CAV'19,AAAI'18,TACAS'17]. 

        Neural Network for detecting and quantifying information Leaks
        Programs often handle sensitive data such as credit card numbers or medical histories. Developers are careful that eavesdroppers cannot easily access the secrets (for instance, by using encryption algorithms). However, a side channel might arise even if the transferred data is encrypted. In this case, runtime observations such as response time or network traffics leak secrets to eavesdroppers. The main observation in this project is that the runtime observations such as response times are often simpler functions than program functionalities. For example, merge sort has complex functionality to sort elements in an array, but the running time is O(n.log(n)). Based on this observation, we use deep neural networks to directly learn non-functional aspects of software such as the running time. These models take the same inputs as the program but predict the running times as opposed to predicting outputs. The next step is to design a specialized architecture to detect and quantify information leaks due to timing observations. We use auto-encoder models (pairs of encoder and decoder) and MILP formulations to find out the mutual information between secret inputs and response time. Please see our RV'19 paper for more details.

        Debugging and Mitigating Information Leaks

        Are different modes in execution times leak secret information? We have developed novel dynamic analysis techniques to discover, explain, and mitigate information leaks due to timing side channels. FUCHSIA is develop to detect and explain side channels, whereas SCHMIT has developed to mitigate side channels. FUCHSIA starts by gathering interesting inputs about secret and public inputs using a specialized fuzzing system. Then, FUCHSIA models timing observation for each secret with functions: the timing model of each secret value is a function from public inputs to execution times. Then, FUCHSIA uses a novel functional data clustering algorithm to discover what properties about secrets are the same inside a cluster and what properties distinguish different clusters. Finally, it employs a functional extension of decision tree models to pinpoint vulnerable fragments in code and help developers find out what properties of secrets are leaking. SCHMIT is side-channel mitigator equipped with two novel deterministic and stochastic mitigation algorithms to minimize the amount of information leaks, while respecting an upper bound on the performance overheads.
        For more information, see NDSS'20 and CAV'19Please check out my recent talk at NDSS'20 to know more about this research:

        Performance debugging
        Building a tool that can identify performance bugs is difficult when dealing with a large system.
        We are developing DPDEBUGGER, a machine-learning based approach to identify different classes of performances and explain their differences in terms of program internals. Algorithm implementations include two novel functional clustering algorithms by extending K-Means and Spectral clusterings followed by a decision tree learning algorithm. The output of DPDEBUGGER is a regression tree model.
        See ISSTA'20AAAI'18, and TACAS'17 papers for more information. 

        SCHMITDPDEBUGGER and DISCRIMINER tools are available.

        Honors and Awards
        • Recipient of the 2018 Gold Research Award from ECEE department of CU Boulder in April 2018.
        • Winner of Second Prize among 650 participants in the 1st Microsoft Open Source Challenge in April 2016
        • Graduated among top 10% of IT MS students in CE Department of Sharif University of Technology in Sep 2013. 
        • Ranked 1st among 56 of BS students at ECE department of Tabriz University in July 2011. 

        Saeid Tizpaz-Niari is currently a PhD Candidate in the ECEE department at the University of Colorado Boulder. His research interests are at the intersection of Software Security, Machine Learning, and Verification. He is the first author of multiple publications in top tier Security, AI, Verification, and Software Engineering conferences. In 2018, he received the Gold Research Award from the ECEE department at CU Boulder. In addition, he won second prize for his submission to the First Microsoft Open Source Challenge. Prior to his PhD, he obtained an M.S degree from CE department at Sharif University of Technology in 2013 and B.S degree from ECE department of Tabriz University in 2011.