Goran Piskachev

I am an applied scientist at Amazon Web Services in Berlin, Germany.

Research

Static code analysis has shown success in finding bugs and security vulnerabilities. However, using existing analyses and tools on new codebases requires sufficient knowledge on how the particular analysis works which needs to be configured. This configuration includes selection of appropriate call graph, rules, and more. Default configurations are often not usable. In my research, I develop methods and tools that will ease the application of generic static analyses, such as taint analysis or typestate analysis to specific context.

Research Areas of Interest:

Static Code Analysis
Java/Android Security
Machine-learning for Code Analysis
Domain-specific Languages
Empirical Software Engineering

Education

[Jan 2016 - Dec 2022] PhD (Dr. rer. nat.), Paderborn University
[Oct 2012 - Jul 2015] MSc in Computer Science, Paderborn University
[Sep 2008 - Jun 2012] Degree in Electrical Engineering and Information Technologies, Ss. Cyril and Methodius University Skopje
[Sep 2006 - Aug 2008] Inernational Baccalaureate Diplomma Program, Josip Broz Tito High School Skopje

Work Experience

[Oct 2022 - today] Applied Scientist - Automated Reasoning Group, Amazon Web Services, Berlin
[Jan 2022 - Sep 2022] Team Manager - Development tools for secure services and apps, Fraunhofer IEM, Paderborn
[Jan 2021 - Apr 2021] Internship (applied scientist) - Automated Reasoning Group, Amazon Web Servoces
[Sep 2015 - Dec 2021] Research Associate - Software engineering group, Fraunhofer IEM, Paderborn
[Jan 2015 - Jul 2015] Student Research Assistant - Software engineering group, Fraunhofer IPT, Paderborn
[Feb 2013 - Dec 2014] Student Research Assistant - Software engineering group, Heinz Nixdorf Institut, Paderborn
[Jul 2012 - Aug 2012] Internship (research) - Theoretical systems biology group, Imperial College London
[Feb 2012 - Jun 2012] Lab Demonstrator - Faculty of Computer Science and Engineering, UKIM Skopje
[Aug 2011 - Oct 2011] Internship (software development) - Koios Savetovanje, Zagreb
[Jul 2011 - Aug 2011] Internship (software development) - Alvila, Prague

Publications

Model Generation For Java Frameworks, Luo Linghui, Piskachev Goran, Krishnamurthy Ranjith, Dolby Julian, Bodden Eric, and Schäf Martin, International Conference on Software Testing, Verification and Validation (ICST), 2023
Shifting left for early detection of machine-learning bugs, Liblit Ben, Luo Linghui, Molina Ramirez Alejandro, Mukherjee Rajdeep, Patterson Zachary, Piskachev Goran, Schäf Martin, Tripp Omer, and Visser Willem, Formal Methods Industry Day (FM), 2023
Fluently specifying taint-flow queries with fluentTQL, Piskachev Goran, Späth Johannes, Budde Ingo, and Bodden Eric, Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), 2022 [artifact]
How far are German companies in improving security through static program analysis tools?, Piskachev Goran, Dziwok Stefan, Koch Thorsten, Merschjohan Sven, and Bodden Eric, IEEE Secure Development Conference (secDev), Atlanta USA, October 2022, [artifact]
To what extent can we analyze Kotlin programs using existing Java taint analysis tools?, Krishnamurthy Ranjith, Piskachev Goran, and Bodden Eric, 22nd IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), Limassol Cyprus, October 2022 (best engineering paper award) [Extended version]
Fluently specifying taint-flow queries with fluentTQL, Piskachev Goran, Späth Johannes, Budde Ingo, and Bodden Eric, Empirical Software Engineering Springer(EMSE), 2022 [artifact]
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses, Luo Linghui, Pauck Felix, Piskachev Goran, Benz Manuel, Pashchenko Ivan, Mory Martin, Bodden Eric, Hermann Ben, and Massacci Fabio, International Conference on Software Engineering (ICSE), Pittsburgh USA, May 2022
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses, Luo Linghui, Pauck Felix, Piskachev Goran, Benz Manuel, Pashchenko Ivan, Mory Martin, Bodden Eric, Hermann Ben, and Massacci Fabio, Empirical Software Engineering Springer(EMSE), 2021 [artifact]
SecuCheck: Engineering configurable taint analysis for software developers, Piskachev Goran, Krishnamurthy Ranjith, and Bodden Eric, 21st IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM), 2021[artifact]
TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses, Luo Linghui, Pauck Felix, Piskachev Goran, Benz Manuel, Pashchenko Ivan, Mory Martin, Bodden Eric, Hermann Ben, and Massacci Fabio, Empirical Software Engineering Springer(EMSE), 2021 [artifact]
Qualitative and Quantitative Analysis of Callgraph Algorithms for PYTHON, Kummita Sriteja, Piskachev Goran, Spaeth Johannes, and Bodden Eric, The First International Conference on Code Quality, Moscow Russia, March 2021
Language-agnostic Injection Detection, Hermerschmidt Lars, Straub Andreas, and Piskachev Goran, LangSec Workshop (IEEE S&P), San Francisco USA, May 2020
SwanAssist: Semi-Automated Detection of Code-Specific, Security-Relevant Methods, Piskachev Goran, Nguyen Quang Do Lisa, Johnson Oshando, and Bodden Eric, Demonstration Track at Automated Software Engineering (ASE), San Diego USA, November 2019
AuthCheck: Program-state Analysis for Access-control Vulnerabilities, Piskachev Goran, Petrasch Tobias, Spaeth Johannes, and Bodden Eric, Workshop on Tools for Automatic Program Analysis (TAPAS), Porto Portugal, October 2019
Integration of the Static Analysis Results Interchange Format in CogniCrypt (Technical Report), Kummita Sriteja, Piskachev Goran, Heinz Nixdorf Institute, Paderborn Germany, June 2019
Codebase-Adaptive Detection of Security-Relevant Methods, Piskachev Goran, Nguyen Lisa, Bodden Eric, International Symposium on Software Testing and Analysis (ISSTA) 2019, Beijing China, July 2019
Codebase-Adaptive Detection of Security-Relevant Methods (Technical Report), Piskachev Goran, Nguyen Lisa, Bodden Eric, Heinz Nixdorf Institute, Paderborn Germany, March 2019
Transparent Static Analysis for the Detection of Security Vulnerabilities, Piskachev Goran, ISSTA/ECOOP 2018 Doctoral Symposium, Amsterdam The Netherlands, July 2018
The MechatronicUML Design Method: Process and Language for Platform-Independent Modeling (Technical report), Dziwok Stefan, Pohlmann Uwe, Piskachev Goran, Schubert David, Thiele Sebastian, Gerking Christopher, Heinz Nixdorf Institute, Paderborn Germany, 2016
LAFORE: Domain Specific Language for Reconfiguration (Master thesis), Piskachev Goran, Paderborn Germany, July 2015
Cybertron, Project Group, (Final Document) Paderborn Germany, 2015
Concerns, Views, Viewpoints, and Stakeholders in the Holistic Mechatronic UML Process (Seminar thesis), Piskachev Goran, Paderborn Germany, 2015
Static Spotter for Scalability Anti-Patterns Detection (Tutorial), Yu Jinying, Piskachev Goran, Symposium on Software Performance, Stuttgart Germany, 2014
Performance modeling for a Web GRID architecture, Bajrami Agim, Zdraveski Vladimir, Filiposka Sonja, Piskachev Goran, Trajanov Dimitar, Telecommunications Forum (TELEFOR), Belgrade Serbia, 2011
Novel consensus approach for protein active sites detection, Piskachev Goran, Mirceva Georgina, Davcev Danco, International Scientific Conference, Computer Science, Ohrid Macedonia, July 2011

Talks

PRIDE Workshop, (invited talk) ECOOP Berlin, June 2022
Research seminar, Paderborn University, Replicability of software engineering artifacts, October 2021
ROSE Festival (Recognizing and Rewarding Open Science in SE), Luxembourg (virtual), Open Science Contribution: Artifact SecuCheck, September 2021
Guest lecture at DECA 2, Paderborn University, July 2021 Part 1, Part 2, Part 3, Part 4
Kassel Security Meetup Configuring Static Analysis Tools, Kassel, January 2020, video link
Heise devSec How to configure static analysis configuration through machine-learning, Heidelberg, September 2019

Service

International Conference on Computer Aided Verification (CAV) 2023 - Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2023 - Artifact Evaluation Committee
European Symposium on Programming (ESOP) 2023 - Artifact Evaluation Committee
ACM Transactions on Software Engineering and Methodology (TOSEM) 2022 - Reviewer
Empirical Software Engineering (EMSE) 2022 - Reviewer
USENIX Security 2022 - Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2022 - Artifact Evaluation Committee
European Symposium on Programming (ESOP) 2022 - Artifact Evaluation Committee
International Conference on Software Engineering (ICSE) 2022 - Subreviewer
IEEE Symposium on Security and Privacy (IEEE SP) 2021 - Subreviewer
Conference on Programming Language Design and Implementation (PLDI) 2021 - Artifact Evaluation Committee
Mining Software Repositories Conference (MSR) 2021 - ShadowPC
Software: Practice and Experience (SPE) 2020 - Reviewer
Empirical Software Engineering (EMSE) 2020 - Reviewer
USENIX Security 2020 - Artifact Evaluation Committee
Conference on Programming Language Design and Implementation (PLDI) 2020 - Artifact Evaluation Committee
European Conference on Object-Oriented Programming (ECOOP) 2020 - Doctoral Symposium PC Member
European Conference on Object-Oriented Programming (ECOOP) 2020 - Poster Session Co-Chair
European Conference on Object-Oriented Programming (ECOOP) 2019 - Doctoral Symposium Co-Chair
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2018 - Artifact Evaluation Committee
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2017 - Artifact Evaluation Committee

Teaching

At Paderborn University, I suppervised Bachelor, Master or Seminar theses.

[ongoing] Master thesis - Explorative research on using LLVM and PhASAR to run data-flow analyses on SWIFT
[finished] Seminar Secure Systems Engineering (WS21/22) - Understanding and evaluating MarianaTrench
[finished] Master thesis - Explorative research on taint analysis for Kotlin
[finished] Master thesis - Soot-based configuration generator for analysis writers (co-supervised)
[finished] Master thesis - Extending fluentTQL: Specifying taint-flows through a domain-specific language
[finished] Master thesis - Evaluation of Call Graph Construction for Python (co-supervised)
[finished] Master thesis - Transformation of Taint and Typestate Specifications (co-supervised)
[finished] Seminar Secure Systems Engineering (WS19/20) - Transforming Taint flow Specifications into Correct Usage of APIs (co-supervised)
[finished] Seminar Secure Systems Engineering (WS19/20) - Survey on Domain Specific Languages for Taint Analysis
[finished] Pro-Seminar Softwareentwicklung fuer software-intensive Systeme (SS19) - Representing Source Code in Machine Leraning for Code Analysis
[finished] Seminar Advanced Software Engineering Contepts (SS19) - Integrating Feedback in the IDE
[finished] Master thesis - Detection of methods of interest for security based on software documentation
[finished] Seminar Secure Systems Engineering (WS18/19) - Survey on adaptive static analysis
[finished] Bachelor thesis - Authentication and authorization checker for Java web systems
[finished] Bachelor thesis - Evaluation of machine learning algorithms for automatic detection of security-relevant methods
[finished] Seminar Secure Systems Engineering (WS17/18) - Inferring specifications for taint-style vulnerabilities
[finished] Seminar Secure Systems Engineering (WS16/17) - Security vulnerabilities in Android's inter-app communication

If you are a student interested in similar topics, feel free to contact me and set up a meeting. Speculative requests are welcome.

Teaching assistance

Seminar: Replicability of software engineering artifacts (SS21)
Model-based software development (SS17)
Model-driven software development (WS16/17)
Model-driven software development (WS15/16)

Contact

e-Mail: goran(at)piskachev.com