Xusheng Xiao (肖旭生)

         
           
Researcher
         Computer Security Department
         NEC Laboratories America
         
        
         Telephone: +1 609-951-2666
         Email:  xsxiao at nec-labs dot com






   Call For Submissions:

   Please submit your high-quality work to
    
JCST Special Section on Software Systems and    




Short Bio
I received my Ph.D. in Computer Science from North Carolina State University, advised by Prof. Tao Xie and Prof. Laurie Williams
I was a visiting student at University of Illinois at Urbana-Champaign for 2013-2014.

My general research interests span between software engineering and computer securitywith the focus on making software and system more reliable and secure via program analysis, software testing, text analysis, and system monitoring.


        Selected Professional Services:

    • 2016: Guest Editor, JCST Special Section on "Software Systems"
    • 2016: Program Committee, ICSE Software Engineering in Practice (SEIP), ICST Testing Tool Demos
    • 2015: Program Committee, ICSE Demo 
    • 2014: Program Committee, PERTEA, ISSTA Artifact Evaluation, OOPSLA Artifact Evaluation


Selected Publications [Complete List] [DBLP][Google Scholar]

Software/System Security:
  • Zhang Xu, Zhenyu Wu, Zhichun Li, Kangkook Jee, Junghwan Rhee, Xusheng Xiao, Fengyuan Xu, Haining Wang, and Guofei Jiang. High Fidelity Data Reduction for Big Data Security Dependency AnalysesIn Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS 2016), Vienna, Austria, October 2016. [PDF]
  • Bo Zong, Xusheng Xiao, Zhichun Li, Zhenyu Wu, Zhiyun Qian, Xifeng Yan, Ambuj K. Singh, and Guofei Jiang. Behavior Query Discovery in System-Generated Temporal GraphsIn Proceedings of the 42nd International Conference on Very Large Data Bases (VLDB 2016), pages 240-251, New Delhi, India, September 2016. [PDF] [arXiv]
  • Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang. SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 2015), pages 977-992, Washington, D.C., August 2015. [PDF(Acceptance Rate: 15.7%, 67 out of 426).
  • Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck. AppContext: Differentiating Malicious and Benign Mobile App Behaviors Under ContextIn Proceedings of the 37th International Conference on Software Engineering (ICSE 2015), pages 303-312, Florence, Italy, May 2015. [PDF] (Acceptance Rate: 18.5%, 84 out of 452).
  • John Slankas, Xusheng Xiao, Laurie Williams, and Tao Xie. Relation Extraction for Inferring Access Control Rules from Natural Language Artifacts. To appear in Proceedings of the 2014 Annual Computer Security Applications Conference (ACSAC 2014), pages 366-375, New Orleans, Louisiana, USA, December 2014. [PDF]
  • Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie.  WHYPER: Towards Automating Risk Assessment of Mobile Applications In Proceedings of the 22nd USENIX Security Symposium (USENIX Security 2013)pages 527-542,Washington DC, August 2013.  [PDF(Acceptance Rate: 45 / 277 = 16.2%).
  • Xusheng Xiao, Amit Paradkar, Suresh Thummalapenta and Tao XieAutomated Extraction of Security Policies from Natural-Language Software DocumentsIn Proceedings of the 20th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2012), pages 12:1-12:11Research Triangle Park, North Carolina, USA, November 2012[PDF][Slides(Acceptance Rate: 17.4%, 35 out of 201).
    • Xusheng Xiao, Nikolai Tillmann, Manuel Fahndrich, Jonathan de Halleux, and Michal Moskal. User-Aware Privacy Control via Extended Static-Information-Flow Analysis In Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering 2012 (ASE 2012), pages 80-89, Essen, Germany, 2012[PDF(Acceptance Rate: 15.2%, 21 out of 138)
    Software Testing / Program Analysis
      • Sihan Li, Xusheng Xiao, Blake Bassett, Tao Xie, and Nikolai Tillmann. Measuring Code Behavioral Similarity for Programming and Software Engineering EducationIn International Conference on Software Engineering (ICSE 2016), Education Track, May 2016 [PDF
      • Xusheng XiaoGogul Balakrishnan, Franjo Ivancic, Naoto Maeda, Aarti Gupta and Deepak Chhetri ARC++: : Effective Typestate and Lifetime Dependency Analysis In Proceedings of the 2014 International Symposium on Software Testing and Analysis (ISSTA 2014), pages 116-126, Bay Area, California, July 2014. [PDF] (Acceptance Rate: 28.1%, 36 out of 128)
      • Xusheng Xiao, Shi Han, Tao Xie, and Dongmei Zhang.  Context-Sensitive Delta Inference for Identifying Workload-Dependent Performance Bottlenecks In Proceedings of the 2013 International Symposium on Software Testing and Analysis (ISSTA 2013)pages 90-100, Lugano Switzerland, July 2013. [PDF] (Acceptance Rate: 25.8%, 32 out of 124).
      • Xusheng Xiao, Sihan Li, Tao Xie, and Nikolai Tillmann. Characteristic Studies of Loop Problems for Structural Test Generation via Symbolic Execution. In Proceedings of the 28th IEEE/ACM International Conference on Automated Software Engineering (ASE 2013), pages 246-256, Palo Alto, California, November 2013. [PDF] (Acceptance Rate: 17.0%, 43 out of 254).
      • Rahul Pandita, Xusheng Xiao, Hao Zhong, Tao Xie, Stephen Oney, and Amit Paradkar. Inferring Method Specifications from Natural Language API DescriptionsIn Proceedings of the 34rd International Conference on Software Engineering (ICSE 2012), pages 815-825, Zurich, Switzerland, June 2012. [PDF(Acceptance Rate: 87 / 408 = 21.3%) 
      • Xusheng Xiao, Tao Xie, Nikolai Tillmann, and Jonathan de Halleux. Precise Identification of Problems for Structural Test Generation. In Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011), pages 611-620, Honolulu, Hawaii, May 2011. [PDF][Demo][Tool]. (Acceptance Rate: 14%, 62 out of 442) 
        • shorter version of this paper won the award of "Best project representing an innovative use of Microsoft technology" in ICSE 2011! 
        • An extended abstract of this paper won the award of "ICSE SRC Best Project Representing an Innovative Use of Microsoft Technology" in ACM SRC Grand Final 2012