Recently, I collaborated with a number of researchers from the Software Systems Laboratory of Columbia University, on a study regarding POSIX (Portable Operating System Interface) abstractions. In a nutshell, we measured how and to what extent traditional POSIX abstractions are being used in modern operating systems, and whether new abstractions are taking form, dethroning traditional ones. The results of this study were presented at the 11th European Conference on Computer Systems (EuroSys ’16).

Continue reading →

Recently, I’ve been working on a project where I needed to scan a large number of .apk files for potential malware or malicious intent. Given the fact that antiviruses produce many false positives, it would be better for me to scan the files by using more than one antivirus. During a discussion with a colleague, he mentioned the VirusTotal service. VirusTotal is a free service in which a web user can scan files and URLs to see if they are related to any kind of malicious behavior (viruses, worms, Trojans, etc.). To do so, it uses 55 different antiviruses and 61 scan engines. Using it is pretty straightforward: users upload a file and when the engines finish their analysis the results are displayed. Continue reading →

Given the fact that security bugs are critical, one of the basic pursuits in every new software release should be to mitigate such bugs. In essence, security bugs should decrease as a project evolves. In a previous post I described how I measured the occurrence of security bugs through time and observed that security bugs actually increase as projects evolve. However, the corresponding experiment involved only four projects.
Continue reading →