Learn more about my research below, or browse the projects I'm involved in and the software libraries that I maintain on the right.
In modern operating systems, applications can enforce very fine-grained control over OS resources (e.g., through SELinux); however, similar mechanisms do not exist for programs to enforce fine-grained control over heap objects within the same process.
We developed a new memory programming model to efficiently support fine-grained access control over objects or regions in the heap. A process's heap is programmatically divided into protection domains, and explicit privileges between these protection domains are modeled. Groups of threads, termed ribbons, are then mapped into one of more of these protection domains, which mapping defines the allowed set of privileges over the heap. We explore language features that leverage the Ribbons model and provide an efficient user-space implementation in C and Java (JikesRVM). Ribbon mechanisms allow secure, componentized applications to be developed without significant runtime overhead.[Abstract, OOPSLA 2011 paper, technical report, download]
Programs break as software evolves, often without someone noticing. Once someone finally notices, it may have been months or even years since the regression was introduced. Precisely identifying the cause out of thousands of source changes is often time tedious and time consuming. We propose the following strategy (a) collect full execution traces over the non-regression and regression versions for both regressing and non-regressing test cases, (b) analyze these traces via semantic differencing to identify probable regression causes. To tractably comparing full execution traces, we formulated a new algorithm that breaks a trace into a web of semantic views, which then allows us to efficiently and accurately approximate the longest common subsequence between traces in O(n) time and space. These techniques are implemented in our tool, RPrism. Our case studies show that RPrism accurately and automatically identifies the root cause of regressions out of hundreds of semantic differences.[Abstract, Tech Report dynt-200811-1] Look for our paper at PLDI 2009!
I'm working with my advisor Patrick Eugster on extending AspectJ with Explicit Join Points to enhance modular aspect-oriented software development for complex cross-cutting concerns.
We propose language extensions to AspectJ to mitigate the fragile pointcut problem and to address the state--point separation problem.
We demonstrate in our papers how to use our extensions to implement truly reusable aspect libraries that have robust pointcuts,
even for complex concerns such as transactions or exception handling.
[Abstract, TOSEM 2012 Paper, Tech Report ejp-200712-1, PPPJ 2007 Paper (was tech report ejp-200705-1), Tech Report ejp-200703-1, Tech Report ejp-200703-2, Source Code] ICSE 2008 results
The problem of building and maintaining trust within online communities also commands my interest.
To this end, I have studied reputation systems in collaboration with David Zage and Cristina Nita-Rotaru.
We have proposed an analysis model for understanding reputation systems, providing for common ground
upon which different systems can be compared and understood. We have also analyzed known and possible
attack vectors within reputation systems, highlighting which parts of a reputation system are made
vulnerable by which classes of attacks and why. We also classify and analyze defense mechanisms.
Six representative reputation systems are analyzed in detail, and an analysis of the other important
reputation systems to date is presented.
[Abstract, Tech Report CSD TR #07-013, ACM Computing Surveys Paper ]
Introduction to AOP, AspectJ, and Explicit Join Points (590V'08 Seminar) [download]
Aspect-based Introspection And Change Analysis For Evolving Programs (RAMSE @ ECOOP'07) [download]
Aspect-oriented Transactions via Explicit Join Points (590E'06 Seminar) [download]
Kevin Hoffman and Patrick Eugster, "Trading Obliviousness for Modularity with Cooperative Aspect-oriented Programming", to appear in ACM Transactions on Software Engineering and Methodology, accepted March 2012.
Kevin Hoffman, Harrison Metzger, and Patrick Eugster, "Ribbons: a Partially Shared Memory Programming Model", OOPSLA 2011.
Kevin Hoffman, Patrick Eugster, and Suresh Suresh Jagannathan, "Semantics-Aware Trace Analysis", PLDI 2009.
Kevin Hoffman, David Zage, and Cristina Nita-Rotaru, "A Survey of Attack and Defense Techniques for Reputation Systems", ACM Computing Surveys, Volume 42, Issue 1, December 2009.
Kevin Hoffman and Patrick Eugster, "Cooperative Aspect-Oriented Programming", Science of Computer Programming, Volume 74, Issues 5-6, March 2009, Pages 333-354.
Kevin Hoffman and Patrick Eugster, "Towards Probabilistic Assessment of Modularity", ACoM workshop, OOPSLA 2008.
Kevin Hoffman and Patrick Eugster, "Towards Reusable Components with Aspects: An Empirical Study on Modularity and Obliviousness", ICSE 2008.
Kevin Hoffman and Patrick Eugster, "Bridging Java and AspectJ through Explicit Join Points", PPPJ 2007.
Kevin Hoffman, Murali Krishna Ramanathan, Patrick Eugster, and Suresh Jagannathan, "Aspect-based Introspection and Change Analysis for Evolving Programs", RAM-SE workshop, ECOOP 2007.
Kevin Hoffman and Patrick Eugster, "Aspects Made Explicit for Safe Transactional Semantics", DSN 2006, Extended Abstract.