Goran Piskachev

I am a research associate and team lead at Fraunhofer IEM in Paderborn, Germany.

Research

Static code analysis has shown success in finding bugs and security vulnerabilities. However, using existing analyses and tools on new codebases requires sufficient knowledge on how the particular analysis works which needs to be configured. This configuration includes selection of appropriate call graph, rules, and more. Default configurations are often not usable. In my research, I develop methods and tools that will ease the application of generic static analyses, such as taint analysis or typestate analysis to specific context.

Research Areas of Interest:

Static Code Analysis
Java/Android Security
Machine-learning for Code Analysis
Domain-specific Languages
Empirical Software Engineering

Education

[Jan 2016 - Today] PhD candidate, Paderborn University
[Oct 2012 - Jul 2015] MSc in Computer Science, Paderborn University
[Sep 2008 - Jun 2012] Degree in Electrical Engineering and Information Technologies, Ss. Cyril and Methodius University Skopje
[Sep 2006 - Aug 2008] Inernational Baccalaureate Diplomma Program, Josip Broz Tito High School Skopje

Work Experience

[Jan 2022 - Today] Team Manager - Development tools for secure services and apps, Fraunhofer IEM, Paderborn
[Jan 2021 - Apr 2021] Internship (applied scientist) - Automated Reasoning Group, Amazon Web Servoces
[Sep 2015 - Dec 2021] Research Associate - Software engineering group, Fraunhofer IEM, Paderborn
[Jan 2015 - Jul 2015] Student Research Assistant - Software engineering group, Fraunhofer IPT, Paderborn
[Feb 2013 - Dec 2014] Student Research Assistant - Software engineering group, Heinz Nixdorf Institut, Paderborn
[Jul 2012 - Aug 2012] Internship (research) - Theoretical systems biology group, Imperial College London
[Feb 2012 - Jun 2012] Lab Demonstrator - Faculty of Computer Science and Engineering, UKIM Skopje
[Aug 2011 - Oct 2011] Internship (software development) - Koios Savetovanje, Zagreb
[Jul 2011 - Aug 2011] Internship (software development) - Alvila, Prague

Publications

How far are German companies in improving security through static program analysis tools?, Piskachev Goran, Dziwok Stefan, Koch Thorsten, Merschjohan Sven, and Bodden Eric, IEEE Secure Development Conference (secDev), 2022
To what extent can we analyze Kotlin programs using existing Java taint analysis tools?, Krishnamurthy Ranjith, Piskachev Goran, and Bodden Eric, 22nd IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), 2022 [Extended version]
Fluently specifying taint-flow queries with fluentTQL, Piskachev Goran, Späth Johannes, Budde Ingo, and Bodden Eric, Empirical Software Engineering Springer(EMSE), 2022 [artifact]
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses, Luo Linghui, Pauck Felix, Piskachev Goran, Benz Manuel, Pashchenko Ivan, Mory Martin, Bodden Eric, Hermann Ben, and Massacci Fabio, International Conference on Software Engineering (ICSE), Pittsburgh USA, May 2022
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses, Luo Linghui, Pauck Felix, Piskachev Goran, Benz Manuel, Pashchenko Ivan, Mory Martin, Bodden Eric, Hermann Ben, and Massacci Fabio, Empirical Software Engineering Springer(EMSE), 2021 [artifact]
SecuCheck: Engineering configurable taint analysis for software developers, Piskachev Goran, Krishnamurthy Ranjith, and Bodden Eric, 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021[artifact]
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses, Luo Linghui, Pauck Felix, Piskachev Goran, Benz Manuel, Pashchenko Ivan, Mory Martin, Bodden Eric, Hermann Ben, and Massacci Fabio, Empirical Software Engineering Springer(EMSE), 2021 [artifact]
Qualitative and Quantitative Analysis of Callgraph Algorithms for PYTHON, Kummita Sriteja, Piskachev Goran, Spaeth Johannes, and Bodden Eric, The First International Conference on Code Quality, Moscow Russia, March 2021
Language-agnostic Injection Detection, Hermerschmidt Lars, Straub Andreas, and Piskachev Goran, LangSec Workshop (IEEE S&P), San Francisco USA, May 2020
SwanAssist: Semi-Automated Detection of Code-Specific, Security-Relevant Methods, Piskachev Goran, Nguyen Quang Do Lisa, Johnson Oshando, and Bodden Eric, Demonstration Track at Automated Software Engineering (ASE), San Diego USA, November 2019
AuthCheck: Program-state Analysis for Access-control Vulnerabilities, Piskachev Goran, Petrasch Tobias, Spaeth Johannes, and Bodden Eric, Workshop on Tools for Automatic Program Analysis (TAPAS), Porto Portugal, October 2019
Integration of the Static Analysis Results Interchange Format in CogniCrypt (Technical Report), Kummita Sriteja, Piskachev Goran, Heinz Nixdorf Institute, Paderborn Germany, June 2019
Codebase-Adaptive Detection of Security-Relevant Methods, Piskachev Goran, Nguyen Lisa, Bodden Eric, International Symposium on Software Testing and Analysis (ISSTA) 2019, Beijing China, July 2019
Codebase-Adaptive Detection of Security-Relevant Methods (Technical Report), Piskachev Goran, Nguyen Lisa, Bodden Eric, Heinz Nixdorf Institute, Paderborn Germany, March 2019
Transparent Static Analysis for the Detection of Security Vulnerabilities, Piskachev Goran, ISSTA/ECOOP 2018 Doctoral Symposium, Amsterdam The Netherlands, July 2018
The MechatronicUML Design Method: Process and Language for Platform-Independent Modeling (Technical report), Dziwok Stefan, Pohlmann Uwe, Piskachev Goran, Schubert David, Thiele Sebastian, Gerking Christopher, Heinz Nixdorf Institute, Paderborn Germany, 2016
LAFORE: Domain Specific Language for Reconfiguration (Master thesis), Piskachev Goran, Paderborn Germany, July 2015
Cybertron, Project Group, (Final Document) Paderborn Germany, 2015
Concerns, Views, Viewpoints, and Stakeholders in the Holistic Mechatronic UML Process (Seminar thesis), Piskachev Goran, Paderborn Germany, 2015
Static Spotter for Scalability Anti-Patterns Detection (Tutorial), Yu Jinying, Piskachev Goran, Symposium on Software Performance, Stuttgart Germany, 2014
Performance modeling for a Web GRID architecture, Bajrami Agim, Zdraveski Vladimir, Filiposka Sonja, Piskachev Goran, Trajanov Dimitar, Telecommunications Forum (TELEFOR), Belgrade Serbia, 2011
Novel consensus approach for protein active sites detection, Piskachev Goran, Mirceva Georgina, Davcev Danco, International Scientific Conference, Computer Science, Ohrid Macedonia, July 2011

Talks

PRIDE Workshop, (invited talk) ECOOP Berlin, June 2022
Research seminar, Paderborn University, Replicability of software engineering artifacts, October 2021
ROSE Festival (Recognizing and Rewarding Open Science in SE), Luxembourg (virtual), Open Science Contribution: Artifact SecuCheck, September 2021
Guest lecture at DECA 2, Paderborn University, July 2021 Part 1, Part 2, Part 3, Part 4
Kassel Security Meetup Configuring Static Analysis Tools, Kassel, January 2020, video link
Heise devSec How to configure static analysis configuration through machine-learning, Heidelberg, September 2019

Service

ACM Transactions on Software Engineering and Methodology (TOSEM) 2022 - Reviewer
Empirical Software Engineering (EMSE) 2022 - Reviewer
USENIX Security 2022 - Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2022 - Artifact Evaluation Committee
European Symposium on Programming (ESOP) 2022 - Artifact Evaluation Committee
International Conference on Software Engineering (ICSE) 2022 - Subreviewer
IEEE Symposium on Security and Privacy (IEEE SP) 2021 - Subreviewer
Conference on Programming Language Design and Implementation (PLDI) 2021 - Artifact Evaluation Committee
Mining Software Repositories Conference (MSR) 2021 - ShadowPC
Software: Practice and Experience (SPE) 2020 - Reviewer
Empirical Software Engineering (EMSE) 2020 - Reviewer
USENIX Security 2020 - Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2020 - Artifact Evaluation Committee
European Conference on Object-Oriented Programming (ECOOP) 2020 - Doctoral Symposium PC Member
European Conference on Object-Oriented Programming (ECOOP) 2020 - Poster Session Co-Chair
European Conference on Object-Oriented Programming (ECOOP) 2019 - Doctoral Symposium Co-Chair
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2018 - Artifact Evaluation Committee
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2017 - Artifact Evaluation Committee

Teaching

At Paderborn University, I offer Bachelor, Master or Seminar theses. Here is a list of finished, on going or open topics.

[finished] Seminar Secure Systems Engineering (WS21/22) - Understanding and evaluating MarianaTrench
[finished] Master thesis - Explorative research on taint analysis for Kotlin
[finished] Master thesis - Soot-based configuration generator for analysis writers (co-supervised)
[finished] Master thesis - Extending fluentTQL: Specifying taint-flows through a domain-specific language
[finished] Master thesis - Evaluation of Call Graph Construction for Python (co-supervised)
[finished] Master thesis - Transformation of Taint and Typestate Specifications (co-supervised)
[finished] Seminar Secure Systems Engineering (WS19/20) - Transforming Taint flow Specifications into Correct Usage of APIs (co-supervised)
[finished] Seminar Secure Systems Engineering (WS19/20) - Survey on Domain Specific Languages for Taint Analysis
[finished] Pro-Seminar Softwareentwicklung fuer software-intensive Systeme (SS19) - Representing Source Code in Machine Leraning for Code Analysis
[finished] Seminar Advanced Software Engineering Contepts (SS19) - Integrating Feedback in the IDE
[finished] Master thesis - Detection of methods of interest for security based on software documentation
[finished] Seminar Secure Systems Engineering (WS18/19) - Survey on adaptive static analysis
[finished] Bachelor thesis - Authentication and authorization checker for Java web systems
[finished] Bachelor thesis - Evaluation of machine learning algorithms for automatic detection of security-relevant methods
[finished] Seminar Secure Systems Engineering (WS17/18) - Inferring specifications for taint-style vulnerabilities
[finished] Seminar Secure Systems Engineering (WS16/17) - Security vulnerabilities in Android's inter-app communication

If you are a student interested in similar topics, feel free to contact me and set up a meeting. Speculative requests are welcome.

Teaching assistance

Seminar: Replicability of software engineering artifacts (SS21)
Model-based software development (SS17)
Model-driven software development (WS16/17)
Model-driven software development (WS15/16)