My general research interests span between software engineering and computer security, with the focus on Software/System Security and Software Testing/Program Analysis.
Selected Professional Services:
- 2016: Guest Editor, JCST Special Section on "Software Systems"
- 2016: Program Committee, ICSE Software Engineering in Practice (SEIP), ICST Testing Tool Demos
- 2015: Program Committee, ICSE Demo
- 2014: Program Committee, PERTEA, ISSTA Artifact Evaluation, OOPSLA Artifact Evaluation
- Bo Zong, Xusheng Xiao, Zhichun Li, Zhenyu Wu, Zhiyun Qian, Xifeng Yan, Ambuj K. Singh, and Guofei Jiang. Behavior Query Discovery in System-Generated Temporal Graphs. In Proceedings of the 42nd International Conference on Very Large Data Bases (VLDB 2016), pages 240-251, New Delhi, India, September 2016. [PDF] [arXiv]
- Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang. SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 2015), pages 977-992, Washington, D.C., August 2015. [PDF] (Acceptance Rate: 15.7%, 67 out of 426).
- Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck. AppContext: Differentiating Malicious and Benign Mobile App Behaviors Under Context. In Proceedings of the 37th International Conference on Software Engineering (ICSE 2015), pages 303-312, Florence, Italy, May 2015. [PDF] (Acceptance Rate: 18.5%, 84 out of 452).
- John Slankas, Xusheng Xiao, Laurie Williams, and Tao Xie. Relation Extraction for Inferring Access Control Rules from Natural Language Artifacts. To appear in Proceedings of the 2014 Annual Computer Security Applications Conference (ACSAC 2014), pages 366-375, New Orleans, Louisiana, USA, December 2014. [PDF]
- Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. WHYPER: Towards Automating Risk Assessment of Mobile Applications. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security 2013), pages 527-542,Washington DC, August 2013. [PDF] (Acceptance Rate: 45 / 277 = 16.2%).
- Xusheng Xiao, Amit Paradkar, Suresh Thummalapenta and Tao Xie. Automated Extraction of Security Policies from Natural-Language Software Documents. In Proceedings of the 20th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2012), pages 12:1-12:11, Research Triangle Park, North Carolina, USA, November 2012. [PDF][Slides] (Acceptance Rate: 17.4%, 35 out of 201).
- Xusheng Xiao, Nikolai Tillmann, Manuel Fahndrich, Jonathan de Halleux, and Michal Moskal. User-Aware Privacy Control via Extended Static-Information-Flow Analysis. In Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering 2012 (ASE 2012), pages 80-89, Essen, Germany, 2012. [PDF] (Acceptance Rate: 15.2%, 21 out of 138)
Software Testing / Program Analysis
- Xusheng Xiao, Gogul Balakrishnan, Franjo Ivancic, Naoto Maeda, Aarti Gupta and Deepak Chhetri. ARC++: : Effective Typestate and Lifetime Dependency Analysis. In Proceedings of the 2014 International Symposium on Software Testing and Analysis (ISSTA 2014), pages 116-126, Bay Area, California, July 2014. [PDF] (Acceptance Rate: 28.1%, 36 out of 128)
- Xusheng Xiao, Shi Han, Tao Xie, and Dongmei Zhang. Context-Sensitive Delta Inference for Identifying Workload-Dependent Performance Bottlenecks. In Proceedings of the 2013 International Symposium on Software Testing and Analysis (ISSTA 2013), pages 90-100, Lugano Switzerland, July 2013. [PDF] (Acceptance Rate: 25.8%, 32 out of 124).
- Xusheng Xiao, Sihan Li, Tao Xie, and Nikolai Tillmann. Characteristic Studies of Loop Problems for Structural Test Generation via Symbolic Execution. In Proceedings of the 28th IEEE/ACM International Conference on Automated Software Engineering (ASE 2013), pages 246-256, Palo Alto, California, November 2013. [PDF] (Acceptance Rate: 17.0%, 43 out of 254).
- Rahul Pandita, Xusheng Xiao, Hao Zhong, Tao Xie, Stephen Oney, and Amit Paradkar. Inferring Method Specifications from Natural Language API Descriptions. In Proceedings of the 34rd International Conference on Software Engineering (ICSE 2012), pages 815-825, Zurich, Switzerland, June 2012. [PDF] (Acceptance Rate: 87 / 408 = 21.3%)
- Xusheng Xiao, Tao Xie, Nikolai Tillmann, and Jonathan de Halleux. Precise Identification of Problems for Structural Test Generation. In Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011), pages 611-620, Honolulu, Hawaii, May 2011. [PDF][Demo][Tool]. (Acceptance Rate: 14%, 62 out of 442)
- A shorter version of this paper won the award of "Best project representing an innovative use of Microsoft technology" in ICSE 2011!
- An extended abstract of this paper won the award of "ICSE SRC Best Project Representing an Innovative Use of Microsoft Technology" in ACM SRC Grand Final 2012