Goran Piskachev

I am a research associate at Fraunhofer IEM in Paderborn, Germany.

Research

Static code analysis can detect many known vulnerabilities when correctly configured for each application being analyzed. However, the acceptance of static analysis tools from developers is still very low. One of the main issues is that the devlopers are not familiar with the domain and do not know how to set the parameters to get the expected results. Default configurations often result in high number of false positives. If we want to reach SecDevOps process, we need to make sure that the developers are aware of the security issues already in the design phase. In my research, I develop methods and tools that will close the gap between the development and static code analysis. One of the main problem is how to detect security-relevant entities in the code which are needed for the configuration of static analyses. The goal is to provide the developer an IDE-integrated generator of configurations for static analyses that can be used at design time.

Research Areas of Interest:

Static Code Analysis
Java/Android Security
Machine-learning for Code Analysis
Usable Security

Education

[Jan 2016 - Today] PhD candidate, Paderborn University
[Oct 2012 - Jul 2015] MSc in Computer Science, Paderborn University
[Sep 2008 - Jun 2012] Degree in Electrical Engineering and Information Technologies, Ss. Cyril and Methodius University Skopje
[Sep 2006 - Aug 2008] Inernational Baccalaureate Diplomma Program, Josip Broz Tito High School Skopje

Work Experience

[Sep 2015 - Today] Research associate - Software engineering group, Fraunhofer IEM, Paderborn
[Jan 2015 - Jul 2015] Student research assistant - Software engineering group, Fraunhofer IPT, Paderborn
[Feb 2013 - Dec 2014] Student research assistant - Software engineering group, Heinz Nixdorf Institut, Paderborn
[Jul 2012 - Aug 2012] Internship - Theoretical systems biology group, Imperial College London
[Feb 2012 - Jun 2012] Lab Demonstrator - Faculty of Computer Science and Engineering, UKIM Skopje
[Aug 2011 - Oct 2011] Internship - Koios Savetovanje, Zagreb
[Jul 2011 - Aug 2011] Internship - Alvila, Prague

Publications

Language-agnostic Injection Detection, Hermerschmidt Lars, Straub Andreas, and Piskachev Goran, LangSec Workshop (IEEE S&P), San Francisco USA, May 2020
SwanAssist: Semi-Automated Detection of Code-Specific, Security-Relevant Methods, Piskachev Goran, Nguyen Quang Do Lisa, Johnson Oshando, and Bodden Eric, Demonstration Track at Automated Software Engineering (ASE), San Diego USA, November 2019
AuthCheck: Program-state Analysis for Access-control Vulnerabilities, Piskachev Goran, Petrasch Tobias, Spaeth Johannes, and Bodden Eric, Workshop on Tools for Automatic Program Analysis (TAPAS), Porto Portugal, October 2019
Integration of the Static Analysis Results Interchange Format in CogniCrypt (Technical Report), Kummita Sriteja, Piskachev Goran, Heinz Nixdorf Institute, Paderborn Germany, June 2019
Codebase-Adaptive Detection of Security-Relevant Methods, Piskachev Goran, Nguyen Lisa, Bodden Eric, International Symposium on Software Testing and Analysis (ISSTA) 2019, Beijing China, July 2019
Codebase-Adaptive Detection of Security-Relevant Methods (Technical Report), Piskachev Goran, Nguyen Lisa, Bodden Eric, Heinz Nixdorf Institute, Paderborn Germany, March 2019
Transparent Static Analysis for the Detection of Security Vulnerabilities, Piskachev Goran, ISSTA/ECOOP 2018 Doctoral Symposium, Amsterdam The Netherlands, July 2018
The MechatronicUML Design Method: Process and Language for Platform-Independent Modeling (Technical report), Dziwok Stefan, Pohlmann Uwe, Piskachev Goran, Schubert David, Thiele Sebastian, Gerking Christopher, Heinz Nixdorf Institute, Paderborn Germany, 2016
LAFORE: Domain Specific Language for Reconfiguration (Master thesis), Piskachev Goran, Paderborn Germany, July 2015
Cybertron, Project Group, (Final Document) Paderborn Germany, 2015
Concerns, Views, Viewpoints, and Stakeholders in the Holistic Mechatronic UML Process (Seminar thesis), Piskachev Goran, Paderborn Germany, 2015
Static Spotter for Scalability Anti-Patterns Detection (Tutorial), Yu Jinying, Piskachev Goran, Symposium on Software Performance, Stuttgart Germany, 2014
Performance modeling for a Web GRID architecture, Bajrami Agim, Zdraveski Vladimir, Filiposka Sonja, Piskachev Goran, Trajanov Dimitar, Telecommunications Forum (TELEFOR), Belgrade Serbia, 2011
Novel consensus approach for protein active sites detection, Piskachev Goran, Mirceva Georgina, Davcev Danco, International Scientific Conference, Computer Science, Ohrid Macedonia, July 2011

Talks

Kassel Security Meetup Configuring Static Analysis Tools, Kassel, January 2020, video link
Heise devSec How to configure static analysis configuration through machine-learning, Heidelberg, September 2019

Selected Projects

Service

Empirical Software Engineering 2020 Reviewer
USENIX Security 2020 Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2020 Artifact Evaluation Committee
European Conference on Object-Oriented Programming (ECOOP) 2020 - Doctoral Symposium PC Member
European Conference on Object-Oriented Programming (ECOOP) 2020 - Poster Session Co-Chair
European Conference on Object-Oriented Programming (ECOOP) 2019 - Doctoral Symposium Co-Chair
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2018 - Artifact Evaluation Committee
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2017 - Artifact Evaluation Committee

Teaching

At Paderborn University, I offer Bachelor, Master or Seminar theses. Here is a list of finished, on going or open topics.

[finished] Master thesis - Evaluation of Call Graph Construction for Python, student: Sriteja Kummita (co-supervised)
[ongoing] Master thesis - Transformation of Taint and Typestate Specifications, student: Alexander Lorisch (co-supervised)
[finished] Seminar Secure Systems Engineering (WS19/20) (SS19) - Transforming Taint flow Specifications into Correct Usage of APIs, student: Ranjith Masthikatte (co-supervised)
[finished] Seminar Secure Systems Engineering (WS19/20) - Survey on Domain Specific Languages for Taint Analysis, student: Shreyas Kottur
[finished] Pro-Seminar Softwareentwicklung fuer software-intensive Systeme (SS19) - Representing Source Code in Machine Leraning for Code Analysis, student: Jens Ussatis
[finished] Seminar Advanced Software Engineering Contepts (SS19) - Integrating Feedback in the IDE, student: Santosh Rangaraju
[ongoing] Master thesis - Detection of methods of interest for security based on software documentation, student: Oshando Johnson
[finished] Seminar Secure Systems Engineering (WS18/19) - Survey on adaptive static analysis, student: Pavan Gurkhi Bhimesh
[finished] Bachelor thesis - Authentication and authorization checker for Java web systems, student: Tobias Petrasch
[finished] Bachelor thesis - Evaluation of machine learning algorithms for automatic detection of security-relevant methods, student: Parviz Nasiry
[finished] Seminar Secure Systems Engineering (WS17/18) - Inferring specifications for taint-style vulnerabilities, student: Sebastian Mansfield
[finished] Seminar Secure Systems Engineering (WS16/17) - Security vulnerabilities in Android's inter-app communication, student: Michael Kuenneke

If you are a student interested in similar topics, feel free to contact me and set up a meeting. Speculative requests are welcome.

Teaching assistance

Model-based software development (SS17)
Model-driven software development (WS16/17)
Model-driven software development (WS15/16)

Contact

Goran Piskachev
Fraunhofer IEM Institute for Mechatronic Systems Design
Department Software Engineering and IT-Security
Zukunftsmeile 1
33102 Paderborn

e-Mail: goran.piskachev(at)iem.fraunhofer.de