Goran Piskachev

I am an applied scientist at Amazon Web Services in Berlin, Germany. I hold a PhD degree from Paderborn University under the supervision of Prof. Dr. Eric Bodden. My research is in the area of program analysis and its practical applications in the domains of security and privacy. In my PhD thesis, I developed techniques that bring the application of taint analysis for detecting security vulnerabilities closer to software developers.

Research Areas of Interest:

Static Code Analysis
Domain-specific Languages
Machine-learning for Code Analysis
Application Security
Privacy Engineering
Empirical Software Engineering

Education

[Jan 2016 - Dec 2022] PhD (Dr. rer. nat.), Paderborn University
[Oct 2012 - Jul 2015] MSc in Computer Science, Paderborn University
[Sep 2008 - Jun 2012] Degree in Electrical Engineering and Information Technologies, Ss. Cyril and Methodius University Skopje
[Sep 2006 - Aug 2008] Inernational Baccalaureate Diplomma Program, Josip Broz Tito High School Skopje

Work Experience

[Oct 2022 - today] Applied Scientist - AWS Privacy Engineering Group, Amazon Web Services, Berlin
[Jan 2022 - Sep 2022] Team Manager - Development tools for secure services and apps, Fraunhofer IEM, Paderborn
[Jan 2021 - Apr 2021] Internship (applied scientist) - Automated Reasoning Group, Amazon Web Servoces
[Sep 2015 - Dec 2021] Research Associate - Software engineering group, Fraunhofer IEM, Paderborn
[Jan 2015 - Jul 2015] Student Research Assistant - Software engineering group, Fraunhofer IPT, Paderborn
[Feb 2013 - Dec 2014] Student Research Assistant - Software engineering group, Heinz Nixdorf Institut, Paderborn
[Jul 2012 - Aug 2012] Internship (research) - Theoretical systems biology group, Imperial College London
[Feb 2012 - Jun 2012] Lab Demonstrator - Faculty of Computer Science and Engineering, UKIM Skopje
[Aug 2011 - Oct 2011] Internship (software development) - Koios Savetovanje, Zagreb
[Jul 2011 - Aug 2011] Internship (software development) - Alvila, Prague

Publications

2023

Compositional Taint Analysis for Enforcing Security and Privacy Policies at Scale, Banerjee Subarno, Cui Siwei, Emmi Michael, Filieri Antonio, Hadarean Liana, Li Peixuan, Luo Linghui, Piskachev Goran, Rosner Nicolás, Sengupta Aritra, Tripp Omer, Tout Sean, Wang Jingbo, Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), 2023
Can the configuration of static analyses make resolving security vulnerabilites more effective? - A user study, Piskachev Goran, Becker Matthias, and Bodden Eric, Empirical Software Engineering Springer (EMSE), 2023 and Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), 2023[artifact]
Model Generation For Java Frameworks, Luo Linghui, Piskachev Goran, Krishnamurthy Ranjith, Dolby Julian, Bodden Eric, and Schäf Martin, International Conference on Software Testing, Verification and Validation (ICST), 2023
Shifting left for early detection of machine-learning bugs, Liblit Ben, Luo Linghui, Molina Ramirez Alejandro, Mukherjee Rajdeep, Patterson Zachary, Piskachev Goran, Schäf Martin, Tripp Omer, and Visser Willem, Formal Methods Industry Day (FM), 2023

2022

Adapting Taint Analyses for Detecting Security Vulnerabilities Goran Piskachev, PhD thesis (Summa cum laude), Universität Paderborn, December 2022
How far are German companies in improving security through static program analysis tools?, Piskachev Goran, Dziwok Stefan, Koch Thorsten, Merschjohan Sven, and Bodden Eric, IEEE Secure Development Conference (secDev), Atlanta USA, October 2022, [artifact]
To what extent can we analyze Kotlin programs using existing Java taint analysis tools?, Krishnamurthy Ranjith, Piskachev Goran, and Bodden Eric, 22nd IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), Limassol Cyprus, October 2022 (best engineering paper award) [Extended version] [Artifact: Benchmark] [Artifact: Kotlin Taint Analysis]
Fluently specifying taint-flow queries with fluentTQL, Piskachev Goran, Späth Johannes, Budde Ingo, and Bodden Eric, Empirical Software Engineering Springer(EMSE), 2022 and Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), 2022[artifact]
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses, Luo Linghui, Pauck Felix, Piskachev Goran, Benz Manuel, Pashchenko Ivan, Mory Martin, Bodden Eric, Hermann Ben, and Massacci Fabio, International Conference on Software Engineering (ICSE), Pittsburgh USA, May 2022

2021

TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses, Luo Linghui, Pauck Felix, Piskachev Goran, Benz Manuel, Pashchenko Ivan, Mory Martin, Bodden Eric, Hermann Ben, and Massacci Fabio, Empirical Software Engineering Springer(EMSE), 2021 [artifact]
SecuCheck: Engineering configurable taint analysis for software developers, Piskachev Goran, Krishnamurthy Ranjith, and Bodden Eric, 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021[artifact]
Qualitative and Quantitative Analysis of Callgraph Algorithms for PYTHON, Kummita Sriteja, Piskachev Goran, Spaeth Johannes, and Bodden Eric, The First International Conference on Code Quality, Moscow Russia, March 2021

2020

Language-agnostic Injection Detection, Hermerschmidt Lars, Straub Andreas, and Piskachev Goran, LangSec Workshop (IEEE S&P), San Francisco USA, May 2020

2019

SwanAssist: Semi-Automated Detection of Code-Specific, Security-Relevant Methods, Piskachev Goran, Nguyen Quang Do Lisa, Johnson Oshando, and Bodden Eric, Demonstration Track at Automated Software Engineering (ASE), San Diego USA, November 2019
AuthCheck: Program-state Analysis for Access-control Vulnerabilities, Piskachev Goran, Petrasch Tobias, Spaeth Johannes, and Bodden Eric, Workshop on Tools for Automatic Program Analysis (TAPAS), Porto Portugal, October 2019
Integration of the Static Analysis Results Interchange Format in CogniCrypt (Technical Report), Kummita Sriteja, Piskachev Goran, Heinz Nixdorf Institute, Paderborn Germany, June 2019
Codebase-Adaptive Detection of Security-Relevant Methods, Piskachev Goran, Nguyen Lisa, Bodden Eric, International Symposium on Software Testing and Analysis (ISSTA) 2019, Beijing China, July 2019
Codebase-Adaptive Detection of Security-Relevant Methods (Technical Report), Piskachev Goran, Nguyen Lisa, Bodden Eric, Heinz Nixdorf Institute, Paderborn Germany, March 2019

before 2019

Transparent Static Analysis for the Detection of Security Vulnerabilities, Piskachev Goran, ISSTA/ECOOP 2018 Doctoral Symposium, Amsterdam The Netherlands, July 2018
The MechatronicUML Design Method: Process and Language for Platform-Independent Modeling (Technical report), Dziwok Stefan, Pohlmann Uwe, Piskachev Goran, Schubert David, Thiele Sebastian, Gerking Christopher, Heinz Nixdorf Institute, Paderborn Germany, 2016
LAFORE: Domain Specific Language for Reconfiguration (Master thesis), Piskachev Goran, Paderborn Germany, July 2015
Cybertron, Project Group, (Final Document) Paderborn Germany, 2015
Concerns, Views, Viewpoints, and Stakeholders in the Holistic Mechatronic UML Process (Seminar thesis), Piskachev Goran, Paderborn Germany, 2015
Static Spotter for Scalability Anti-Patterns Detection (Tutorial), Yu Jinying, Piskachev Goran, Symposium on Software Performance, Stuttgart Germany, 2014
Performance modeling for a Web GRID architecture, Bajrami Agim, Zdraveski Vladimir, Filiposka Sonja, Piskachev Goran, Trajanov Dimitar, Telecommunications Forum (TELEFOR), Belgrade Serbia, 2011
Novel consensus approach for protein active sites detection, Piskachev Goran, Mirceva Georgina, Davcev Danco, International Scientific Conference, Computer Science, Ohrid Macedonia, July 2011

Talks

PRIDE Workshop, (invited talk) ECOOP Berlin, June 2022
Research seminar, Paderborn University, Replicability of software engineering artifacts, October 2021
ROSE Festival (Recognizing and Rewarding Open Science in SE), Luxembourg (virtual), Open Science Contribution: Artifact SecuCheck, September 2021
Guest lecture at DECA 2, Paderborn University, July 2021 Part 1, Part 2, Part 3, Part 4
Kassel Security Meetup Configuring Static Analysis Tools, Kassel, January 2020, video link
Heise devSec How to configure static analysis configuration through machine-learning, Heidelberg, September 2019

Service

IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) 2024 - PC Member Tool Track
International Conference on Software Engineering (ICSE) 2024 - Artifact Evaluation Committee
IEEE Secure Development Conference (secDev) 2023 - PC Member
International Conference on Computer Aided Verification (CAV) 2023 - Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2023 - Artifact Evaluation Committee
European Symposium on Programming (ESOP) 2023 - Artifact Evaluation Committee
ACM Transactions on Software Engineering and Methodology (TOSEM) 2022 - Reviewer
Empirical Software Engineering (EMSE) 2022 - Reviewer
USENIX Security 2022 - Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2022 - Artifact Evaluation Committee
European Symposium on Programming (ESOP) 2022 - Artifact Evaluation Committee
International Conference on Software Engineering (ICSE) 2022 - Subreviewer
IEEE Symposium on Security and Privacy (IEEE SP) 2021 - Subreviewer
Conference on Programming Language Design and Implementation (PLDI) 2021 - Artifact Evaluation Committee
Mining Software Repositories Conference (MSR) 2021 - ShadowPC Member
Software: Practice and Experience (SPE) 2020 - Reviewer
Empirical Software Engineering (EMSE) 2020 - Reviewer
USENIX Security 2020 - Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2020 - Artifact Evaluation Committee
European Conference on Object-Oriented Programming (ECOOP) 2020 - Doctoral Symposium PC Member
European Conference on Object-Oriented Programming (ECOOP) 2020 - Poster Session Co-Chair
European Conference on Object-Oriented Programming (ECOOP) 2019 - Doctoral Symposium Co-Chair
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2018 - Artifact Evaluation Committee
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2017 - Artifact Evaluation Committee

Teaching

At Paderborn University, I suppervised the following theses

[2023] Master thesis - Explorative research on using LLVM and PhASAR to run data-flow analyses on SWIFT
[2022] Seminar Secure Systems Engineering (WS21/22) - Understanding and evaluating MarianaTrench
[2022] Master thesis - Explorative research on taint analysis for Kotlin
[2021] Master thesis - Soot-based configuration generator for analysis writers (co-supervised)
[2021] Master thesis - Extending fluentTQL: Specifying taint-flows through a domain-specific language
[2020] Master thesis - Evaluation of Call Graph Construction for Python (co-supervised)
[2020] Master thesis - Transformation of Taint and Typestate Specifications (co-supervised)
[2020] Seminar Secure Systems Engineering (WS19/20) - Transforming Taint flow Specifications into Correct Usage of APIs (co-supervised)
[2020] Seminar Secure Systems Engineering (WS19/20) - Survey on Domain Specific Languages for Taint Analysis
[2019] Pro-Seminar Softwareentwicklung fuer software-intensive Systeme (SS19) - Representing Source Code in Machine Leraning for Code Analysis
[2019] Seminar Advanced Software Engineering Contepts (SS19) - Integrating Feedback in the IDE
[2019] Master thesis - Detection of methods of interest for security based on software documentation
[2019] Seminar Secure Systems Engineering (WS18/19) - Survey on adaptive static analysis
[2018] Bachelor thesis - Authentication and authorization checker for Java web systems
[2018] Bachelor thesis - Evaluation of machine learning algorithms for automatic detection of security-relevant methods
[2018] Seminar Secure Systems Engineering (WS17/18) - Inferring specifications for taint-style vulnerabilities
[2017] Seminar Secure Systems Engineering (WS16/17) - Security vulnerabilities in Android's inter-app communication

Teaching assistance

Seminar: Replicability of software engineering artifacts (SS21)
Model-based software development (SS17)
Model-driven software development (WS16/17)
Model-driven software development (WS15/16)

Contact

e-Mail: goran(at)piskachev.com