Second U.S. Patent on Safe Code Formats Awarded (March 2013)

U.S. Patent Number US8392897 "Safe Computer Code Formats and Methods for Generating Safe Computer Code" was awarded on 5th March 2013; my two co-inventors are a former Ph.D. student and a former PostDoc of mine. The patent covers "safe by construction" techniques for transporting mobile code.

U.S. Patent on Multi-Variant Code Awarded (August 2012)

U.S. Patent Number US08239836 "Multi-variant parallel program execution to detect malicious code injection" was awarded on 7th August 2012; my two co-inventors are former Ph.D. students of mine. The patent covers a variety of techniques for thwarting cyber attacks on software.

IEEE Computer Society Technical Achievement Award (June 2012)

I thank the IEEE Computer Society for awarding me a 2012 Technical Achievement Award. It is a good feeling to be recognized by one's peers and be able to highlight the good work going on here at UC Irvine!

Additionally, the IEEE Orange County Chapter named me a 2012 Outstanding Engineer.

Several Hundred Million People Using Our Research Results Daily

I have been one of the pioneers of dynamic compilation research. My first paper on JIT compilation was published in 1991 and my dissertation, entitled "Code Generation On-The-Fly: A Key To Portable Software," appeared two full years before the announcement of Java. Over the past twenty years, my students and I have worked on different aspects of dynamic compilation, most recently focusing on the development of Trace Compilation.

This work has had substantial impact. The trace compilation technology behind the "TraceMonkey" JavaScript compiler that is built into Mozilla's Firefox browser (since June 2009 / Firefox 3.5) originated in our lab. It is used daily by several hundred million people. More recently, the "Compartmental Memory Management" technique invented by my student Gregor Wagner has also made it into the mainline Firefox distribution (since March 2011 / Firefox 4.0).

A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz; "Profile-guided Automated Software Diversity,"' in 2013 International Symposium on Code Generation and Optimization (CGO 2013), Shenzhen, China; February 2013.

A. Homescu, M. Stewart, P. Larsen, S. Brunthaler, and M. Franz; "Microgadgets: Size Does Matter In Turing-complete Return-oriented Programming,'" in 6th USENIX Workshop on Offensive Technologies (WOOT '12), Bellevue, Washington; August 2012.

Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Fine-Grained Modularity and Reuse of Virtual Machine Components;" in 11th Annual International Conference on Aspect-Oriented Software Development (AOSD '12), Potsdam, Germany, ACM Press, ISBN 978-1-4503-1092-}, pp. 203-214; March 2012.

G. Wagner, A. Gal, and M. Franz; “Slimming a Java Virtual Machine by way of Cold Code Removal and Optimistic Partial Program Loading;” in Science of Computer Programming, Vol. 76, No. 11, pp. 1037-1053; November 2011.

M. Chang, B. Mathiske, E. Smith, A. Chaudhuri, M. Bebenita, A Gal, Ch. Wimmer, and M Franz; "The Impact of Optional Type Information on JIT Compilation Of Dynamically Typed Languages" in 7th Dynamic Languages Symposium (DLS 2011), Portland, Oregon, ACM Press, ISBN978-1-4503-0939-4, pp. 13-24; October 2011.

T. Jackson, B. Salamat, A. Homescu, K. Manivannan, G. Wagner, A. Gal, S. Brunthaler, Ch. Wimmer, and M. Franz; “Compiler-Generated Software Diversity;” in S. Jajodia, A.K. Ghosh, V. Swarup, C. Wang, and X.S. Wang (Eds.), Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats; Springer, ISBN 978-1-4614-0976-2; September 2011.

G. Wagner, A. Gal, Ch. Wimmer, B. Eich and M. Franz; "Compartmental Memory Management in a Modern Web Browser;" in International Symposium on Memory Management (ISMM 2011), San Jose, California; June 2011.

B. Salamat, T. Jackson, G. Wagner, Ch. Wimmer, and M. Franz: "Run-Time Defense against Code Injection Attacks using Replicated Execution ;" In IEEE Transactions on Dependable and Secure Computing. IEEE Computer Society, 2011.

T. Jackson, B. Salamat, G. Wagner, Ch. Wimmer, and M.Franz; “On the Effectiveness of Multi-Variant Program Execution for Vulnerability Detection and Prevention;” in International Workshop on Security Measurements and Metrics (MetriSec 2010), Bolzano-Bozen, Italy; September 2010.

M. Franz; “E unibus pluram: Massive-Scale Software Diversity as a Defense Mechanism;” in New Security Paradigms Workshop 2010 (NSPW 2010), Concord, Massachussetts; September 2010.

M. Bebenita, M. Chang, K. Manivannan, G. Wagner, M. Cintra, B. Mathiske, A. Gal, C. Wimmer, M. Franz; "Trace Based Compilation in Interpreter-less Execution Environments;" in A. Krall, H. Mössenböck (Eds.), 8th International Conference on the Principles and Practice of Programming in Java 2010 (PPPJ 2010), Vienna, Austria, ACM Press, ISBN 978-1-4503-0269-2, pp. 59–68; September 2010.

K. Manivannan, Ch. Wimmer, and M. Franz; “Decentralized Information Flow Control on a Bare-Metal JVM;” in Sixth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW’10), Oak Ridge National Laboratory, Oak Ridge, Tennessee; April 2010.

T. Jackson, Ch. Wimmer, and M. Franz; “Multi-Variant Program Execution for Vulnerability Detection and Analysis;” in Sixth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW’10), Oak Ridge National Laboratory, Oak Ridge, Tennessee; April 2010.

Ch. Wimmer and Michael Franz; "Linear Scan Register Allocation on SSA Form;" in International Symposium on Code Generation and Optimization (CGO), Toronto, Canada, ACM Press, ISBN 978-1-60558-635-9, pp. 170–179; April 2010.

A. Yermolovich, Ch. Wimmer, and M. Franz; "Optimization of Dynamic Languages Using Hierarchical Layering of Virtual Machines;" in Proceedings of the 5th Symposium on Dynamic Languages (DLS 2009), Orlando, Florida, ISBN 978-1-60558-769-1, pp. 79–88; October 2009.

Ch. Wimmer, M. Cintra, M. Bebenita, M. Chang, A. Gal, and M. Franz; "Phase Detection using Trace Compilation;" accepted for publication in The 7th International Conference on the Principles and Practice of Programming in Java 2009 (PPPJ 2009), Calgary, Alberta; August 2009.

Ch. Kerschbaumer, G. Wagner, Ch. Wimmer, A. Gal, Ch. Steger, and M. Franz; :SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems;" accepted for publication in The 7th International Conference on the Principles and Practice of Programming in Java 2009 (PPPJ 2009), Calgary, Alberta; August 2009.

W. Amme, J. von Ronne, Ph. Adler, and M. Franz; "The Effectiveness of Producer-Side Machine-Independent Optimizations for Mobile Code;" in Software—Practice and Experience, Vol. 29, No. 10, pp. 923–946; July 2009.

M. Bebenita, M. Chang, A. Gal, and M. Franz; "Stream-Based Dynamic Compilation for Object-Oriented Languages;" accepted for publication in 47th International Conference on Objects, Models, Components, Patterns (TOOLS-EUROPE 2009), Zurich, Switzerland; June 2009.

A. Gal, B. Eich, M. Shaver, D. Anderson, B. Kaplan. G. Hoare, D. Mandelin, B. Zbarsky, J. Orendorff, J. Ruderman, E. Smith, R. Reitmaier, M. R. Haghighat, M. Bebenita, M. Chang, and M Franz; "Trace-based Just-in-Time Type Specialization for Dynamic Languages;" accepted for publication in Programming Language Design and Implementation (PLDI 2009), Dublin, Ireland; June 2009. (34 accepted out of 196 submissions)

B. Salamat, T. Jackson, A. Gal, and M. Franz; "Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space;" in EuroSys'09, Nürnberg, Germany; April 2009. (25 accepted out of 148 submissions)

M. Franz; "Information-Flow Aware Virtual Machines: Foundations For Trustworthy Computing;" in Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH 2009), Washington, D.C.; March 2009.

E. Yardimci and M. Franz; "Mostly-Static Program Partitioning of Binary Executables;" accepted for publication in ACM Transactions on Programming Languages and Systems (TOPLAS).

M. Chang, E. Smith, R. Reitmaier, A. Gal, M. Bebenita, Ch. Wimmer, B. Eich, and M. Franz; "Tracing for Web 3.0: Trace Compilation for the Next Generation Web Applications;" in The 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE 2009), Washington, D.C.; March 2009.

L. Wang and M. Franz; "Automatic Partitioning of Object-Oriented Programs for Resource-Constrained Mobile Devices with Multiple Distribution Objectives;" in The 14th IEEE International Conference on Parallel and Distributed Systems (ICPADS'08), Melbourne, Victoria, Australia, December 2008.

G. Wagner, A. Gal, and M. Franz; "SlimVM: Optimistic Partial Program Loading for Connected Embedded Java Virtual Machines;" in The International Conference on the Principles and Practice on Programming in Java 2008 (PPPJ 2008), Modena, Italy; September 2008. Best Paper Award.

A. Yermolovich, A. Gal, and M. Franz; "Portable Execution of Legacy Binaries on the Java Virtual Machine;" in The International Conference on the Principles and Practice on Programming in Java 2008 (PPPJ 2008), Modena, Italy; September 2008.

A. Gal, Ch. W. Probst, and M. Franz; Java Bytecode Verification via Static Single Assignment Form; in ACM Transactions on Programming Languages and Systems (TOPLAS), Vol. 30, No. 4, Article No. 21, pp. 1-21; July 2008.

E. Yardimci and M. Franz; "Dynamic Parallelization of Binary Executables on Hierarchical Platforms;'' in The Journal of Instruction-Level Parallelism, Vol. 10, Paper 6, ISSN 1942-9525, pp. 1-24; June 2008.

Additional Funding News (August 2012)

In the month of August 2012, I won over $900,000 in additional funding for my work on software diversity.

First, I won an additional year of funding from DARPA for the project "Defending Mobile Apps Through Automated Software Diversity." The existing project, on which I am the sole PI, has been extended through February 2015 along with an additional award of $467,442, bringing the total to $1,847,602.

Second, I received a new award of $456,809 from the Navy on a subcontract from Johns Hopkins University for my project "Meta-Circular Software Diversity for Intrusion Tolerant Clouds."

New Award from NSF: $499,867 as sole PI (July 2011)

I am pleased to report that I have received $499,867 as sole PI from the National Science Foundation, Computing and Communications Foundations Program. Program Manager is Dr. Bill Pugh.

This project, which will run from August 2011 to July 2014 will investigate fine-grained modularity and reuse of virtual machine components. The idea is to build a sharable "erector set" of virtual-machine parts that can be put together in different configurations to cover a wide range of needs, instead of having to build custom virtual machines from scratch each time.

New Award from Samsung: $349,965 as sole PI (March 2011)

I have received $349,965 as sole PI from Samsung Telecommunications America. Samsung's Program Manager is Venky Raju.

This project, which will initially run from January to December 2011 (and is expected to run for two additional years at similar levels of funding) will strive to create better virtual machine architectures, especially for applications in mobile devices.

More Funding News

I am very grateful for generous gifts from Adobe, Amazon, Google, Intel, Oracle, and Mozilla that have supported my research in recent years. I have also received substantial support from several different funding agencies of the Federal United States Government.

Amazon Corporation, $18,000 AWS in Education Research Grant, sole beneficiary; September 2012.

Adobe Corporation, unrestricted gift of $25,000, sole beneficiary; August 2011.

Google Corporation, unrestricted gift of $61,000, sole beneficiary; June 2011.

Adobe Corporation, unrestricted gift of $35,000, sole beneficiary; August 2010.

Adobe Corporation, unrestricted gift of $40,000, sole beneficiary; March 2010.

Thank You!

Post-Doctoral Researcher Search

I anticipate that one or more full-time Post-doctoral Scholar positions will become available soon and I am looking for capable candidates to join my team. Appointments will be initially for a one year period and will be renewable. These positions require a Ph.D. degree in Computer Science and demonstrated expertise, at the highest level, in the area of compiler construction. The ideal candidate would already have at least one publication in a top conference such as PLDI or CGO, or in a top journal such as TOPLAS.

Current graduate students who fulfill all other requirements but who have not quite yet completed their Ph.Ds. are welcome to apply; however, any offer will be made contingent on successful completion of the degree.

Salary to be between $37,740-$80,880 annually, depending on experience and qualification. Candidates without experience in the area of compilers are not encouraged to apply.

Interested applicants should respond by forwarding a cover memo, Curriculum Vitae, and the names and addresses of three references. Please also be aware that it takes up to 6 months to obtain the necessary work permit for non-U.S. citizens.

The University of California, Irvine is an equal opportunity employer committed to excellence through diversity.