DARPA honors researcher with Young Faculty Award

Author: Iqbal Pittalwala
August 17, 2022

Mohsen Lesani, an associate professor of computer science and engineering at UC Riverside, has received a Young Faculty Award from the Defense Advanced Research Projects Agency, or DARPA, a research and development agency of the U.S. Department of Defense. The multi-year, nearly $749,000 award identifies and engages “rising stars in junior research positions.”

The award will support a project titled “Information and Vulnerability Flow Type Systems,” which aims, Lesani said, to “derive the abstract machines that programs inadvertently expose to attackers.”

Mohsen Lesani
Mohsen Lesani.

Lesani added that modern cyber-attacks exploit a “long chain of dormant abstractions inside deployed functional systems.” 

“The composition of these primitives can give attackers powerful programming models to compose vulnerabilities and mount attacks,” he said. “For example, a sequence of vulnerabilities can emerge as a machine, called the weird machine, that can execute arbitrary code. This project defines and implements a type theory, a class of type-based program analysis techniques, that can derive the abstract weird machines that programs inadvertently expose.” 

According to Lesani, the proposed type systems track information flow to detect vulnerabilities and capture an abstract representation of the control flow structures of programs to capture their abstract weird machines. The resulting machines can then be examined to detect patterns of attacks.

Lesani received his doctoral degree from UCLA, after which he was a postdoctoral researcher at MIT. He received a NSF CAREER award in 2020 and the distinguished paper award at OOPSLA in 2018. His research was recognized as the SIGPLAN Research Highlight in 2019. His research interests are verification and synthesis of reliable and secure distributed and concurrent systems. His research results have been published in diverse venues covering computer security, verification, programming languages, and concurrent and distributed computing.