Experience
Google Inc., Mountain View, CA
Software Engineer, September 2015 - Present
- Working on various techniques for mobile malware detection
University of Wisconsin-Madison, Madison, WI
Pennsylvania State University, University Park, PA
Postdoctoral Research Associate, September 2014 - September 2015
- Designed and implemented a technique for propagation of constants
with composite types. Presented it at ICSE 2015. Released the tool at
http://siis.cse.psu.edu/coal.
- Reformulated the problem of inferring Android Inter-Component
Communication to a composite constant propagation problem. Released the
tool at
http://siis.cse.psu.edu/ic3.
- Studied probabilistic ranking of program values inferred using
static analysis. Presented it at POPL 2016. Released the tool at
http://siis.cse.psu.edu/primo.
Pennsylvania State University, University Park, PA
Research Assistant, January 2009 - July 2014
- Designed and implemented Ded, the first efficient method to
decompile applications running on Google Android (≈95% success
rate). Released the tool at
http://siis.cse.psu.edu/ded.
- Used Ded for a study of the security of 1,100 applications using
static analysis, presented at USENIX Security 2011.
- Designed and implemented Dare, the most efficient method to
retarget Android applications to Java bytecode (99.99% success rate).
Presented it at FSE 2012. Released the tool and source code at
http://siis.cse.psu.edu/dare.
- Designed and implemented Epicc, a tool to analyze Android
Inter-Component Communication. Presented it at USENIX Security
2013. Released the tool at
http://siis.cse.psu.edu/epicc.
Google Inc., Mountain View, CA
Intern in the Security team, Summer 2013
Google Inc., Mountain View, CA
Intern, Summer 2011
- Designed and implemented tools to analyze and visualize experimental
data about user proximity.
- Patented the work as U.S. Patent 8,830,909, issued on September 9,
2014.
Pennsylvania State University, University Park, PA
Teaching Assistant, August 2010 - December 2010
Assisted students in labs for CMPSC 122, the course in intermediate
programming in C++.
Osiatis France, Bordeaux, France
Intern, Summer 2008
- Designed and implemented a collaborative php/MySQL application to
manage the follow up on all IT issues for a major client.
- Trained the local team to use and modify it.
Education
Pennsylvania State University, 2014
- Ph.D. in Computer Science and Engineering
Thesis: Analysis of Inter-Component Communication in Mobile Applications Through Retargeting
Advisor: Dr. Patrick McDaniel
- M.S. in Computer Science and Engineering, 2010
Thesis: Automated Certification of Android Applications
Advisor: Dr. Patrick McDaniel
Ecole Centrale de Lyon, France
- Diplôme d'ingénieur (Master's degree in
Engineering), 2010
- B.S. in Engineering, 2007
Publications
Journal Publications
Damien Octeau, Daniel Luchaup, Somesh Jha, and Patrick McDaniel.
Composite Constant Propagation and its
Application to Android Program Analysis. IEEE Transactions of
Software Engineering (TSE), vol. 42, no. 11, pp. 999-1014, November
2016.
Basak Guler, Burak Varan, Kaya Tutuncuoglu, Mohamed Nafea, Ahmed A.
Zewail, Aylin Yener, and Damien Octeau. Using Social Sensors for
Influence Propagation in Networks with Positive and Negative
Relationships. IEEE Journal on Selected Topics in Signal Processing:
Special Issue on Signal Processing for Situational Awareness from
Networked Sensors and Social Media. March 2015.
Conference Publications
Li Li, Tegawende F. Bissyande, Damien Octeau and Jacques Klein.
Reflection-Aware Static Analysis of Android Apps, Proceedings of
the 31st IEEE/ACM International Conference on Automated Software
Engineering (ASE), Tool Track, September 2016, Singapore, Singapore.
Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien
Octeau, and Sebastian Weisgerber. On Demystifying the Android
Application Framework: Re-Visiting Android Permission Specification
Analysis. Proceedings of the 25th USENIX Security Symposium,
August 2016, Austin, TX. Acceptance rate: 15.6%.
Li Li, Tegawende F. Bissyande, Damien Octeau, and Jacques Klein.
DroidRA: Taming Reflection to Support Whole-Program Analysis of Android
Apps. Proceedings of the 25th International Symposium on Software
Testing and Analysis (ISSTA)}. Saarbrucken, Germany, July 2016.
Acceptance rate: 25.17%.
Damien Octeau, Somesh Jha, Matthew Dering, Patrick McDaniel, Alexandre
Bartel, Li Li, Jacques Klein, and Yves Le Traon. Combining Static
Analysis with Probabilistic Models to Enable Market-Scale Android
Inter-Component Analysis. Proceedings of the 43rd ACM SIGPLAN-SIGACT
Symposium on Principles of Programming Languages (POPL). St.
Petersburg, Florida, USA, January 2016. Acceptance rate: 23.3%.
Damien Octeau, Daniel Luchaup, Matthew Dering, Somesh Jha, and Patrick
McDaniel. Composite Constant Propagation: Application to Android
Inter-Component Communication Analysis. Proceedings of the 37th
International Conference on Software Engineering (ICSE), May 2015.
Florence, Italy. Acceptance rate: 18.5%.
Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon, Steven Artz,
Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel.
I Know What leaked in Your Pocket: Uncovering Privacy Leaks on Android
Apps with Static Taint Analysis. Proceedings of the 37th
International Conference on Software Engineering (ICSE), May 2015.
Florence, Italy. Acceptance rate: 18.5%.
Basak Guler, Burak Varan, Kaya Tutuncuoglu, Mohamed Nafea, Ahmed A.
Zewail, Aylin Yener, and Damien Octeau. Communicating in a
Socially-Aware Network: Impact of Relationship Types. Proceedings of
the 2nd IEEE Global Conference on Signal and Information Processing
(GlobalSIP), December 2014. Atlanta, GA.
Wenhui Hu, Damien Octeau, Patrick McDaniel, and Peng Liu. Duet: Library
Integrity Verification for Android Applications.
Proceedings of the 7th ACM Conference on Security and Privacy in
Wireless and Mobile Networks (WiSec), July 2014. Oxford, UK.
Acceptance rate: 26.0%.
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden,
Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and
Patrick McDaniel. FlowDroid: Precise Context, Flow, Field,
Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps.
Proceedings of the 35th Conference on Programming Language Design and
Implementation (PLDI), June 2014. Edinburgh, UK. Acceptance
rate: 18.1%.
Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel,
Eric Bodden, Jacques Klein, and Yves Le Traon.
Effective
Inter-Component Communication Mapping in Android with Epicc: An
Essential Step Towards Holistic Security Analysis. Proceedings of
the 22nd USENIX Security Symposium, August 2013. Washington, DC.
Acceptance rate: 16.2%.
Damien Octeau, Somesh Jha, and Patrick McDaniel.
Retargeting Android Applications to Java Bytecode.
Proceedings of the 20th International Symposium on the
Foundations of Software Engineering, November 2012.
Cary, NC. Acceptance rate: 17.4%.
Best Artifact Award
William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri.
A Study of Android Application Security.
Proceedings of the 20th USENIX Security Symposium, August 2011.
San Francisco, CA. Acceptance rate: 17.2%.
Other Publications
Basak Guler, Burak Varan, Kaya Tutuncuoglu, Mohamed Nafea, Ahmed A.
Zewail, Aylin Yener, and Damien Octeau. Optimal Strategies for Targeted
Influence in Signed Networks. Proceedings of the ASONAM C3-2014
Workshop, August 2014. Beijing, China.
Damien Octeau. Analysis of Inter-Component Communication in Mobile
Applications Through Retargeting. Ph.D. Dissertation. Pennsylvania
State University, University Park, PA, August 2014.
Damien Octeau. Automated Certification of Android Applications.
Master's Thesis. Pennsylvania State University, University Park, PA,
May 2010.
Damien Octeau, William Enck and Patrick McDaniel. The ded Decompiler.
Technical Report NAS-TR-0140-2010, Network and Security
Research Center, Department of Computer Science and Engineering,
Pennsylvania State University, University Park, PA.
Awards
- AT&T Graduate Fellowship, 2013
- Best Research Artifact Award, 20th International
Symposium on the Foundations of Software Engineering (FSE), 2012
- USENIX Security Symposium Travel Grant, 2009, 2011, 2013
Presentations
Combining Static Analysis with Probabilistic Models to Enable
Market-Scale Android Inter-Component Analysis. 43rd ACM
SIGPLAN-SIGACT Symposium on Principles of Programming Languages
(POPL), St. Petersburg, Florida, USA, January 2016.
Composite Constant Propagation: Application to Android Inter-Component
Communication Analysis, 37th International Conference on Software
Engineering (ICSE), Florence, Italy, May 2015.
Analysis of Inter-Component Communication in Mobile Applications
Through Retargeting, Invited talk at the City University of New
York, New York, NY, April 2015.
Analysis of Inter-Component Communication in Mobile Applications
Through Retargeting, Invited talk at IBM Research, Yorktown
Heights, NY, March 2015.
Analysis of Inter-Component Communication in Mobile Applications
Through Retargeting, Invited talk at the Virginia Polytechnic
Institute and State University, Blacksburg, VA, March 2015.
Analysis of Inter-Component Communication in Mobile Applications
Through Retargeting, Invited talk at the North Carolina State
University, Raleigh, NC, March 2015.
Analysis of Inter-Component Communication in Mobile Applications
Through Retargeting, Invited talk at the New York University,
New York, NY, February 2015.
Duet: Library Integrity Verification for Android Applications,
7th ACM Conference of Security and Privacy in Wireless and Mobile
Networks, July 2014.
Effective Inter-Component Communication Analysis in Android with
Epicc, 2014 Network and Distributed Systems Security (NDSS)
Symposium, San Diego, CA, February 2014 (poster).
Effective Inter-Component Communication Mapping in Android with
Epicc: An Essential Step Towards Holistic Security Analysis,
Invited talk at Google Inc., Mountain View, CA, August 2013.
Effective Inter-Component Communication Mapping in Android with
Epicc: An Essential Step Towards Holistic Security Analysis,
22nd USENIX Security Symposium, August 2013.
Retargeting Android Applications to Java Bytecode, 20th
International Symposium on the Foundations of Software Engineering,
November 2012.
Retargeting Android Applications to Java Bytecode for Static Analysis,
Invited talk at the University of Luxembourg, September 2012.
Android Application Analysis through Retargeting, Network and
Security Research Center Industry Day 2012 (poster).
Decompiling Android Applications, Network and
Security Research Center Industry Day 2009 (poster).
Decompiling Android Applications, 18th USENIX Security Symposium
(work-in-progress report), Montreal, Canada, August 2009.
Patents
U.S. Patent 8,830,909. Methods and Systems to Determine User
Relationships, Events and Spaces using Wireless Fingerprints. Damien
Octeau and Arunesh Mishra. Issued September 9, 2014.
Professional Activities
Committees:
- Mobile Security Technologies (MoST), 2017, PC Member
- Annual ACM CCS Workshop on Security and Privacy in Smartphones
and Mobile Devices (SPSM), 2016, PC Member
- ACM Conference on Security and Privacy in Wireless and Mobile
Networks (WiSec), 2016, PC Member
- International Workshop on Mobile Computing Security, 2015, PC
Member
- International Workshop on System-Level Security of Smartphones,
2014, PC Member
Reviewer (conferences):
- ACM Symposium on Principles of Programming Languages (POPL):
2016
- ACM Workshop on Moving Target Defense: 2015
- IEEE International Conference on Computer and Communication
Technology (ICCCT): 2015
- International Symposium on Engineering Secure Software and
Systems (ESSoS): 2015
- USENIX Security Symposium: 2014
- IEEE Computer Security Foundations Symposium (CSF): 2014
- International Symposium on Software Testing and Analysis
(ISSTA): 2014
- IEEE Symposium on Security and Privacy (Oakland): 2013
- ACM Conference on Computer Security (CCS): 2012
- ACM Annual International Conference on Mobile Computing and
Networking (MobiCom): 2012
- Network and Distributed Systems Security Symposium (NDSS):
2012
Reviewer (journals):
- Pervasive and Mobile Computing: 2016
- IEEE Transactions on Services Computing: 2015
- IEEE Pervasive Computing: 2015
- IEEE Security and Privacy: 2014
- Security and Communication Networks: 2014, 2015, 2016
- ACM Computing Surveys: 2014, 2015
- Journal of Computer Security: 2014
- IEEE Transactions on Mobile Computing (TMC): 2013
- IEEE Transactions on Dependable and Secure Computing (TDSC): 2013
- ACM Transactions on Embedded Computing Systems (TECS): 2013
- IEEE Transactions on Parallel and Distributed Systems (TPDS): 2012
- Ph.D. in Computer Science and Engineering
Thesis: Analysis of Inter-Component Communication in Mobile Applications Through Retargeting
Advisor: Dr. Patrick McDaniel - M.S. in Computer Science and Engineering, 2010
Thesis: Automated Certification of Android Applications
Advisor: Dr. Patrick McDaniel
- Diplôme d'ingénieur (Master's degree in Engineering), 2010
- B.S. in Engineering, 2007
Publications
Journal Publications
Damien Octeau, Daniel Luchaup, Somesh Jha, and Patrick McDaniel. Composite Constant Propagation and its Application to Android Program Analysis. IEEE Transactions of Software Engineering (TSE), vol. 42, no. 11, pp. 999-1014, November 2016.Basak Guler, Burak Varan, Kaya Tutuncuoglu, Mohamed Nafea, Ahmed A. Zewail, Aylin Yener, and Damien Octeau. Using Social Sensors for Influence Propagation in Networks with Positive and Negative Relationships. IEEE Journal on Selected Topics in Signal Processing: Special Issue on Signal Processing for Situational Awareness from Networked Sensors and Social Media. March 2015.
Conference Publications
Li Li, Tegawende F. Bissyande, Damien Octeau and Jacques Klein. Reflection-Aware Static Analysis of Android Apps, Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (ASE), Tool Track, September 2016, Singapore, Singapore.Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and Sebastian Weisgerber. On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. Proceedings of the 25th USENIX Security Symposium, August 2016, Austin, TX. Acceptance rate: 15.6%.
Li Li, Tegawende F. Bissyande, Damien Octeau, and Jacques Klein. DroidRA: Taming Reflection to Support Whole-Program Analysis of Android Apps. Proceedings of the 25th International Symposium on Software Testing and Analysis (ISSTA)}. Saarbrucken, Germany, July 2016. Acceptance rate: 25.17%.
Damien Octeau, Somesh Jha, Matthew Dering, Patrick McDaniel, Alexandre Bartel, Li Li, Jacques Klein, and Yves Le Traon. Combining Static Analysis with Probabilistic Models to Enable Market-Scale Android Inter-Component Analysis. Proceedings of the 43rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL). St. Petersburg, Florida, USA, January 2016. Acceptance rate: 23.3%.
Damien Octeau, Daniel Luchaup, Matthew Dering, Somesh Jha, and Patrick McDaniel. Composite Constant Propagation: Application to Android Inter-Component Communication Analysis. Proceedings of the 37th International Conference on Software Engineering (ICSE), May 2015. Florence, Italy. Acceptance rate: 18.5%.
Li Li, Alexandre Bartel, Jacques Klein, Yves Le Traon, Steven Artz, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel. I Know What leaked in Your Pocket: Uncovering Privacy Leaks on Android Apps with Static Taint Analysis. Proceedings of the 37th International Conference on Software Engineering (ICSE), May 2015. Florence, Italy. Acceptance rate: 18.5%.
Basak Guler, Burak Varan, Kaya Tutuncuoglu, Mohamed Nafea, Ahmed A. Zewail, Aylin Yener, and Damien Octeau. Communicating in a Socially-Aware Network: Impact of Relationship Types. Proceedings of the 2nd IEEE Global Conference on Signal and Information Processing (GlobalSIP), December 2014. Atlanta, GA.
Wenhui Hu, Damien Octeau, Patrick McDaniel, and Peng Liu. Duet: Library Integrity Verification for Android Applications. Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2014. Oxford, UK. Acceptance rate: 26.0%.
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. Proceedings of the 35th Conference on Programming Language Design and Implementation (PLDI), June 2014. Edinburgh, UK. Acceptance rate: 18.1%.
Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis. Proceedings of the 22nd USENIX Security Symposium, August 2013. Washington, DC. Acceptance rate: 16.2%.
Damien Octeau, Somesh Jha, and Patrick McDaniel. Retargeting Android Applications to Java Bytecode. Proceedings of the 20th International Symposium on the Foundations of Software Engineering, November 2012. Cary, NC. Acceptance rate: 17.4%. Best Artifact Award
William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. A Study of Android Application Security. Proceedings of the 20th USENIX Security Symposium, August 2011. San Francisco, CA. Acceptance rate: 17.2%.
Other Publications
Basak Guler, Burak Varan, Kaya Tutuncuoglu, Mohamed Nafea, Ahmed A. Zewail, Aylin Yener, and Damien Octeau. Optimal Strategies for Targeted Influence in Signed Networks. Proceedings of the ASONAM C3-2014 Workshop, August 2014. Beijing, China.Damien Octeau. Analysis of Inter-Component Communication in Mobile Applications Through Retargeting. Ph.D. Dissertation. Pennsylvania State University, University Park, PA, August 2014.
Damien Octeau. Automated Certification of Android Applications. Master's Thesis. Pennsylvania State University, University Park, PA, May 2010.
Damien Octeau, William Enck and Patrick McDaniel. The ded Decompiler. Technical Report NAS-TR-0140-2010, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA.
Awards
- AT&T Graduate Fellowship, 2013
- Best Research Artifact Award, 20th International Symposium on the Foundations of Software Engineering (FSE), 2012
- USENIX Security Symposium Travel Grant, 2009, 2011, 2013
Presentations
Combining Static Analysis with Probabilistic Models to Enable Market-Scale Android Inter-Component Analysis. 43rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), St. Petersburg, Florida, USA, January 2016.Composite Constant Propagation: Application to Android Inter-Component Communication Analysis, 37th International Conference on Software Engineering (ICSE), Florence, Italy, May 2015.
Analysis of Inter-Component Communication in Mobile Applications Through Retargeting, Invited talk at the City University of New York, New York, NY, April 2015.
Analysis of Inter-Component Communication in Mobile Applications Through Retargeting, Invited talk at IBM Research, Yorktown Heights, NY, March 2015.
Analysis of Inter-Component Communication in Mobile Applications Through Retargeting, Invited talk at the Virginia Polytechnic Institute and State University, Blacksburg, VA, March 2015.
Analysis of Inter-Component Communication in Mobile Applications Through Retargeting, Invited talk at the North Carolina State University, Raleigh, NC, March 2015.
Analysis of Inter-Component Communication in Mobile Applications Through Retargeting, Invited talk at the New York University, New York, NY, February 2015.
Duet: Library Integrity Verification for Android Applications, 7th ACM Conference of Security and Privacy in Wireless and Mobile Networks, July 2014.
Effective Inter-Component Communication Analysis in Android with Epicc, 2014 Network and Distributed Systems Security (NDSS) Symposium, San Diego, CA, February 2014 (poster).
Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis, Invited talk at Google Inc., Mountain View, CA, August 2013.
Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis, 22nd USENIX Security Symposium, August 2013.
Retargeting Android Applications to Java Bytecode, 20th International Symposium on the Foundations of Software Engineering, November 2012.
Retargeting Android Applications to Java Bytecode for Static Analysis, Invited talk at the University of Luxembourg, September 2012.
Android Application Analysis through Retargeting, Network and Security Research Center Industry Day 2012 (poster).
Decompiling Android Applications, Network and Security Research Center Industry Day 2009 (poster).
Decompiling Android Applications, 18th USENIX Security Symposium (work-in-progress report), Montreal, Canada, August 2009.
Patents
U.S. Patent 8,830,909. Methods and Systems to Determine User Relationships, Events and Spaces using Wireless Fingerprints. Damien Octeau and Arunesh Mishra. Issued September 9, 2014.Professional Activities
Committees:- Mobile Security Technologies (MoST), 2017, PC Member
- Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2016, PC Member
- ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2016, PC Member
- International Workshop on Mobile Computing Security, 2015, PC Member
- International Workshop on System-Level Security of Smartphones, 2014, PC Member
- ACM Symposium on Principles of Programming Languages (POPL): 2016
- ACM Workshop on Moving Target Defense: 2015
- IEEE International Conference on Computer and Communication Technology (ICCCT): 2015
- International Symposium on Engineering Secure Software and Systems (ESSoS): 2015
- USENIX Security Symposium: 2014
- IEEE Computer Security Foundations Symposium (CSF): 2014
- International Symposium on Software Testing and Analysis (ISSTA): 2014
- IEEE Symposium on Security and Privacy (Oakland): 2013
- ACM Conference on Computer Security (CCS): 2012
- ACM Annual International Conference on Mobile Computing and Networking (MobiCom): 2012
- Network and Distributed Systems Security Symposium (NDSS): 2012
- Pervasive and Mobile Computing: 2016
- IEEE Transactions on Services Computing: 2015
- IEEE Pervasive Computing: 2015
- IEEE Security and Privacy: 2014
- Security and Communication Networks: 2014, 2015, 2016
- ACM Computing Surveys: 2014, 2015
- Journal of Computer Security: 2014
- IEEE Transactions on Mobile Computing (TMC): 2013
- IEEE Transactions on Dependable and Secure Computing (TDSC): 2013
- ACM Transactions on Embedded Computing Systems (TECS): 2013
- IEEE Transactions on Parallel and Distributed Systems (TPDS): 2012