A two-layered (proactive and reactive) security framework for distributed frameworks such as Apache Spark. In the proactive layer, we used program analysis to detect potentially dangerous and malicious code early. In the reactive layer, we implemented attribute-based access control using aspect-oriented programming and secured the environment with security manager-based sandboxing.
An automated, program analysis-based system for detecting cryptographic API misuses in massive Java projects. CryptoGuard efficiently and effectively identifies the intended program slices by excluding language-specific non-essential elements, which significantly reduces the rate of false positives. We helped harden the security of several high-impact Apache projects, including Spark, Ranger, and OFBiz.