What we do at S4Lab
The short version of our work is that we like the kind of magic that concerns software. That means while security is not mathematically provable and the world is full of smart programmers with cute programs, we want to show the weakness in software and systems (how cute a program can be?) and find ways to secure them.
Software Security
Researchers have introduced lots of program analysis methods over the last four decades. Initially, the primary goal of these methods was compiler optimization. With the emergence of malware, new dynamic approaches have been introduced for the sake of finding the malicious behavior that only appears at runtime.
In recent years with rising the cost that software bugs may cause, researchers used the available automatic program analysis methods to test programs and answer the question “Does a program have any bugs?”. Altough none of the methods answer this question entirely, the goal of the automatic program testing is identifying as many real bugs as possible with minimal user augmentation and measure/show their risk.
Here at S4lab, we want to answer the following questions:
- What kind of magic reveals software bugs as much as possible?
- Can we decide which part of the programs are more vulnerable?
- Can we improve the magic to prove vulnerabilities?
- How can we measure the risk each bug has?
Traditionally the program analysis methods are categorized as follows:

If you want to get familiar with these approaches, we suggest the following references:
- SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis
- AEG: Automatic Exploit Generation
- VulPecker: an automated vulnerability detection system based on code
System Security
Although using secure software is essential, it is always possible that interactions between the different layer of the computing stack remain vulnerable. Therefore developing tools and methods to detect potential flaws in communication channels, i.e., kernel/user, kernel/virtualization layer, kernel/hardware layer, etc. is important.
To get familiar with this area we suggest reviewing the following papers:
- Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels
- S2E: A Platform for In-Vivo Analysis of Software Systems
Find what is wrong

You see, but you do not observe. The distinction is clear. [Sherlock Holmes]
While our primary focus is software and system security, any new security-related problems may interest us, especially finding new and innovative ways to measure security or to show that there are flaws in software and system that we use in our everyday life. You should be curious enough to sense that there is something wrong about them, indeed you should observe carefully.
To get familiar with these topics we suggest the following references:
- A Large-scale Analysis of Content Modification by Open HTTP Proxies
- A Large-Scale Empirical Study of Security Patches
What you should do to join S4Lab
If we knew what it was we were doing, it would not be called research, would it? [Albert Einstein]
You should understand that security related fields are not as straightforward as shown in Hollywood movies. In most cases, we do not know what the next step is, and we are not sure if we can find a way to prove that security is broken. But that doesn’t mean we should stop trying.
You should be patient, ambitious, and determined enough to work at S4Lab,
If you find S4Lab suitable for your work, please follow the steps below and you will see how deep the rabbit hole goes.
Let us know what interests you more
Summarize 2 of papers we have suggested reviewing above, choose the ones that interest you more. The writing should be your own words and try to avoid using the paper sentences.
You can add any related data, possible open problems that you may find, or only focus on the papers.
Each summary should not be longer than 2 pages.
Prove that you are a hacker (i.e. problem solver)
Most hackers are young because young people tend to be adaptable. As long as you remain adaptable, you can always be a good hacker. [Emmanuel Goldstein]
Being a hacker means you do not leave a problem unsolved because it is written in Haskell.
Before joining S4Lab, you need to prove that you are a hacker, to do so, please answer the following questions:
- Many websites expose their “.git” files, please show how it could be dangerous.
- Imagine that we have 2**48 text files. Explain how can we find which files are the same.
- Write a hello-world
C
program and explain how we can dump its binary code withradare2
.
Please remember that you do not need to write very much, and try to solve each task as automatically as you can.
Stay tuned
Upload the requested data, on your public GitHub
account and send us its URL.

AEG: Automatic Exploit Generation, Thanassi sAvgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley. Network and Distributed System Security Symposium, NDSS 2011.
S2E: A Platform for in-Vivo Multi-Path Analysis of Software Systems, Vitaly Chipounov, Volodymyr Kuznetsov, and George Candea, Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2011.
A Large-Scale Empirical Study of Security Patches, Frank Li, and Vern Paxson, ACM SIGSAC Conference on Computer and Communications Security, CCS 2017.
VulPecker: An Automated Vulnerability Detection System Based on Code Similarity Analysis,Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Hanchao Qi, and Jie Hu, Annual Conference on Computer Security Applications, ACSAC 2016.
SOK: (State of) the Art of War: Offensive Techniques in Binary Analysis, Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, et al., IEEE Symposium on Security and Privacy, SP 2016.
Reflections on Trusting Trust, Ken Thompson, Commun. ACM, 1984.
A Large-Scale Analysis of Content Modification by Open HTTP Proxies, Giorgos Tsirantonakis, Panagiotis Ilia, Sotiris Ioannidis, Elias Athanasopoulos, and Michalis Polychronakis, Network and Distributed System Security Symposium, NDSS 2018.
Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels, Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, and Taesoo Kim, IEEE Symposium on Security and Privacy, SP 2018.
Post by: Solmaz Salimi