[TYPES] Job opening in Microsoft on program analysis and security defect detection

Ramanathan Venkatapathy ramanv at microsoft.com
Fri Sep 16 14:14:52 EDT 2005 

Here's an interesting opportunity at Microsoft. Currently Microsoft is
deploying an annotation language for C/C++ as well as tools to
statically prevent bugs. The design and implementation of the annotation
language and the tools is very akin to building type systems. The
interesting twist is that these type systems will be used by frontline
developers and the tools must scale to check the entire Windows code
base. Astute readers will notice that problem described below is an
information flow problem with declassification.  
 
Contact: ramanv at microsoft.com
 
Details:
 
The security tools group in CSE (Center for Software Excellence) is
focused on building next generation technology and tools to dramatically
improve the security of Microsoft software. Our contributions to the
research community and Microsoft include breakthrough defect detection
technology in PREfast for finding several kinds of coding defects
including buffer overruns and integer overflows.
 
We are driving the effort to penetration review the Windows Vista
sources. We are defining extensions to the source annotation language
(SAL) and developing new analysis to use these annotations and assist
with the penetration review. Our approach will precisely track the
entry, flow and validation of untrusted data in the system. The work
involves solving hard algorithmic and performance problems related to
automatically analyzing millions of lines of code. This also involves
understanding the architecture and abstractions used in critical parts
of Windows. We will be using similar processes and tools to establish
the Blackcomb security quality gates. These quality gates will be a
critical part of Blackcomb engineering.
 
What is unique about this opportunity?
 
* Algorithmically challenging work
* Cutting edge work on program analysis and secure programming
* Compelling impact to make Vista a more secure platform
* Opportunity to influence Blackcomb engineering process by driving
security quality gates 
 
Ideal candidate attributes 
 
* Passionate about improving security of Microsoft software
* Knowledgeable on secure programming concepts
* Knowledgeable on program analysis concepts
* Solid engineering and coding discipline
* Looking for stretch goals from an impact and algorithmic standpoint

More information about the Types-list mailing list