> uci > ics > franz > home

Hello, and Welcome!

I am a Full Professor in the Department of Computer Science in the Donald Bren School of Information and Computer Sciences, a Full Professor (by courtesy) in the Department of Electrical Engineering and Computer Science in the Henry Samueli School of Engineering, and the director of UCI's Secure Systems and Software Laboratory. The purpose of this web page is to give a short overview of my research group's activities.

I greatly welcome feedback. However, if you are a prospective graduate student, please read the specific information page before sending me any email. This also applies to foreign students looking for an "internship" opportunity.

Sincerely,
     Michael Franz

Quick Biography

Prof. Michael Franz was an early pioneer in the areas of mobile code and dynamic compilation. He created an early just-in-time compilation system, contributed to the theory and practice of continuous compilation and optimization, and co-invented the trace compilation technology that eventually became the JavaScript engine in Mozilla's Firefox browser.

His current research emphases lie in the areas of Systems Software, particularly focusing on compilers and virtual machines, in Trustworthy Computing, with a focus on biologically-inspired defenses such as automated code diversity and on information-flow, and in Software Engineering, with an emphasis on software architecture for secure systems and on reducing the trusted code base. Dr. Franz is the Principal Investigator on many competitive grants from the federal government, totaling well over $11M (of which more than $7M as sole PI), and has received well over half a million dollars in unrestricted gifts from industry in appreciation of the research innovations he has contributed.

Franz received a Dr. sc. techn. degree in Computer Science (advisor: Niklaus Wirth) and a Dipl. Informatik-Ing. ETH degree, both from the Swiss Federal Institute of Technology, ETH Zurich. He is a Distinguished Scientist of the Association for Computing Machinery (ACM) and a Senior Member of The Institute of Electrical and Electronics Engineers (IEEE).

(link to full CV)

Contact Information

Secure Systems and Software Laboratory
Department of Computer Science
Donald Bren School of Information & Computer Sciences
University of California, Irvine
Irvine, CA 92717-3435

office: CS Building, Suite 444
email: michael @ michaelfranz.com or franz@uci.edu

Office Hours

By prior email appointment during the summer months. Except during conference travel, I am actually on campus and in my office on most days.

Administrative Assistant

Carolyn Simpson
phone: (949) 824-1546
fax: (949) 824-4056

U.S. Patent on Trace Compilation Awarded (July 2014)

U.S. Patent Number US8769511 "Dynamic Incremental Compiler and Method" was awarded on 1st July 2014; my co-inventor is my former Ph.D. student Andreas Gal who is presently CTO of Mozilla. The patent covers central aspects of our trace compilation technique that became the "TraceMonkey" JavaScript compiler in Firefox 3.5. Note that the patent was filed back in 2007 and took seven years to wind its way through the USPTO.

U.S. Patent on Safe Code Formats Awarded (March 2013)

U.S. Patent Number US8392897 "Safe Computer Code Formats and Methods for Generating Safe Computer Code" was awarded on 5th March 2013; my two co-inventors are a former Ph.D. student and a former PostDoc of mine. The patent covers "safe by construction" techniques for transporting mobile code.

U.S. Patent on Multi-Variant Code Awarded (August 2012)

U.S. Patent Number US08239836 "Multi-variant parallel program execution to detect malicious code injection" was awarded on 7th August 2012; my two co-inventors are former Ph.D. students of mine. The patent covers a variety of techniques for thwarting cyber attacks on software.

IEEE Computer Society Technical Achievement Award (June 2012)

I thank the IEEE Computer Society for awarding me a 2012 Technical Achievement Award. It is a good feeling to be recognized by one's peers and be able to highlight the good work going on here at UC Irvine!

Additionally, the IEEE Orange County Chapter named me a 2012 Outstanding Engineer.

Latest Publications

W. Zhang, P. Larsen, S. Brunthaler, and M. Franz; "Accelerating Iterators in Optimizing AST Interpreters;'' accepted to appear in ACM Research Conference on Object-Oriented Programming (OOPSLA 2014), Portland, Oregon; October 2014.

C. Stancu, Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Comparing Points-to Static Analysis with Runtime Recorded Profiling Data;" accepted to appear in 11th International Conference on the Principles and Practice of Programming in Java (PPPJ 2014), Cracow, Poland; September 2014.

P. Larsen, A. Homescu, S. Brunthaler, and M. Franz; "SoK: Automated Software Diversity;" in 35th IEEE Symposium on Security and Privacy, San Jose, California, pp. 276-291; May 2014.

P. Larsen, S. Brunthaler, and M. Franz; "Security through Diversity: Are We There Yet?," in IEEE Security and Privacy, Vol. 12, No. 2, pp. 28-35; March 2014.

G. Savrun-Yeniceri, W. Zhang, H. Zhang, E. Seckler, C. Li, S. Brunthaler, P. Larsen, and M. Franz; "Efficient Hosted Interpreters on the JVM;" in ACM Transactions on Architecture and Code Optimization (TACO), Vol. 11, No. 1, Article No. 9; February 2014.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Information Flow Tracking meets Just-In-Time Compilation;" in 9th International Conference on High-Performance and Embedded Architectures and Compilers (HiPeac 2014), Vienna, Austria, January 2014.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Information Flow Tracking meets Just-In-Time Compilation;" in ACM Transactions on Architecture and Code Optimization (TACO), Vol. 10, No 4, Article No. 38; December 2013.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "CrowdFlow: Efficient Information Flow Security;" accepted for publication in 16th Information Security Conference (ISC 2013), Dallas, Texas; November 2013.

A. Homescu, P. Larsen, S. Brunthaler, and M. Franz; "librando: Transparent Code Randomization for Just-in-Time Compilers;" in 20th ACM Conference on Computer and Communications Security (CCS 2013), Berlin, Germany; November 2013. (530 submitted papers, 105 accepted)

G. Savrun-Yeniceri, W. Zhang, H. Zhang, C. Li, P. Larsen, S. Brunthaler, and M. Franz; "Efficient Interpreter Optimizations for the JVM;" in 10th International Conference on the Principles and Practice of Programming in Java (PPPJ'13), Stuttgart, Germany; September 2013.

S. Crane, P. Larsen, S. Brunthaler, and M. Franz; "Booby Trapping Software;" in 2013 New Security Paradigms Workshop (NSPW 2013), Banff, Canada; September 2013.

E. Hennigan, Ch. Kerschbaumer, P. Larsen, S. Brunthaler, and M. Franz; "First-Class Labels: Using Information Flow to Debug Security Holes;" in M. Huth, N. Asokan, S. Capkun, I. Flechais, and L. Coles-Kemp (Eds.), Trust and Trustworthy Computing, 6th International Conference (TRUST 2013), London, United Kingdom, Springer Lecture Notes in Computer Science, Vol. 7904, ISBN 978-3-642-38907-8, pp. 151–168; June 2013.

Ch. Kerschbaumer, E. Hennigan, P. Larsen, S. Brunthaler, and M. Franz; "Towards Precise and Efficient Information Flow Control in Web Browsers;" in M. Huth, N. Asokan, S. Capkun, I Flechais, and L. Coles-Kemp (Eds.), Trust and Trustworthy Computing, 6th International Conference (TRUST 2013), London, United Kingdom, Springer Lecture Notes in Computer Science, Vol. 7904, ISBN 978-3-642-38907-8, pp. 187–195; June 2013.

T. Jackson, A. Homescu, S. Crane, P. Larsen, S. Brunthaler, and M. Franz; "Diversifying the Software Stack Using Randomized NOP Insertion;" in S. Jajodia, A K Ghosh, V. S. Subrahmanian, V Swarup, C. Wang, X. S. Wang (Eds.),Moving Target Defense II: Application of Game Theory and Adversarial Modeling, Springer Advances in Information Security, Vol. 100, ISBN 978-1-4614-5415-1, pp. 151-174; 2013.

A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz; "Profile-guided Automated Software Diversity,"' in 2013 International Symposium on Code Generation and Optimization (CGO 2013), Shenzhen, China; February 2013.

A. Homescu, M. Stewart, P. Larsen, S. Brunthaler, and M. Franz; "Microgadgets: Size Does Matter In Turing-complete Return-oriented Programming,'" in 6th USENIX Workshop on Offensive Technologies (WOOT '12), Bellevue, Washington; August 2012.

Ch. Wimmer, S. Brunthaler, P. Larsen, and M. Franz; "Fine-Grained Modularity and Reuse of Virtual Machine Components;" in 11th Annual International Conference on Aspect-Oriented Software Development (AOSD '12), Potsdam, Germany, ACM Press, ISBN 978-1-4503-1092-5, pp. 203-214; March 2012.

G. Wagner, A. Gal, and M. Franz; “Slimming a Java Virtual Machine by way of Cold Code Removal and Optimistic Partial Program Loading;” in Science of Computer Programming, Vol. 76, No. 11, pp. 1037-1053; November 2011.

M. Chang, B. Mathiske, E. Smith, A. Chaudhuri, M. Bebenita, A Gal, Ch. Wimmer, and M Franz; "The Impact of Optional Type Information on JIT Compilation Of Dynamically Typed Languages" in 7th Dynamic Languages Symposium (DLS 2011), Portland, Oregon, ACM Press, ISBN 978-1-4503-0939-4, pp. 13-24; October 2011.

T. Jackson, B. Salamat, A. Homescu, K. Manivannan, G. Wagner, A. Gal, S. Brunthaler, Ch. Wimmer, and M. Franz; “Compiler-Generated Software Diversity;” in S. Jajodia, A.K. Ghosh, V. Swarup, C. Wang, and X.S. Wang (Eds.), Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats; Springer, ISBN 978-1-4614-0976-2; September 2011.

G. Wagner, A. Gal, Ch. Wimmer, B. Eich and M. Franz; "Compartmental Memory Management in a Modern Web Browser;" in International Symposium on Memory Management (ISMM 2011), San Jose, California; June 2011.

B. Salamat, T. Jackson, G. Wagner, Ch. Wimmer, and M. Franz: "Run-Time Defense against Code Injection Attacks using Replicated Execution ;" In IEEE Transactions on Dependable and Secure Computing. IEEE Computer Society, 2011.

T. Jackson, B. Salamat, G. Wagner, Ch. Wimmer, and M.Franz; “On the Effectiveness of Multi-Variant Program Execution for Vulnerability Detection and Prevention;” in International Workshop on Security Measurements and Metrics (MetriSec 2010), Bolzano-Bozen, Italy; September 2010.

M. Franz; “E unibus pluram: Massive-Scale Software Diversity as a Defense Mechanism;” in New Security Paradigms Workshop 2010 (NSPW 2010), Concord, Massachusetts; September 2010.

M. Bebenita, M. Chang, K. Manivannan, G. Wagner, M. Cintra, B. Mathiske, A. Gal, C. Wimmer, M. Franz; "Trace Based Compilation in Execution Environments Without Interpreters;" in A. Krall, H. Mössenböck (Eds.), 8th International Conference on the Principles and Practice of Programming in Java 2010 (PPPJ 2010), Vienna, Austria, ACM Press, ISBN 978-1-4503-0269-2, pp. 59–68; September 2010.

K. Manivannan, Ch. Wimmer, and M. Franz; “Decentralized Information Flow Control on a Bare-Metal JVM;” in Sixth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW’10), Oak Ridge National Laboratory, Oak Ridge, Tennessee; April 2010.

T. Jackson, Ch. Wimmer, and M. Franz; “Multi-Variant Program Execution for Vulnerability Detection and Analysis;” in Sixth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW’10), Oak Ridge National Laboratory, Oak Ridge, Tennessee; April 2010.

Ch. Wimmer and Michael Franz; "Linear Scan Register Allocation on SSA Form;" in International Symposium on Code Generation and Optimization (CGO), Toronto, Canada, ACM Press, ISBN 978-1-60558-635-9, pp. 170–179; April 2010.

A. Yermolovich, Ch. Wimmer, and M. Franz; "Optimization of Dynamic Languages Using Hierarchical Layering of Virtual Machines;" in Proceedings of the 5th Symposium on Dynamic Languages (DLS 2009), Orlando, Florida, ISBN 978-1-60558-769-1, pp. 79–88; October 2009.

Ch. Wimmer, M. Cintra, M. Bebenita, M. Chang, A. Gal, and M. Franz; "Phase Detection using Trace Compilation;" in The 7th International Conference on the Principles and Practice of Programming in Java 2009 (PPPJ 2009), Calgary, Alberta; August 2009.

Ch. Kerschbaumer, G. Wagner, Ch. Wimmer, A. Gal, Ch. Steger, and M. Franz; "SlimVM: A Small Footprint Java Virtual Machine for Connected Embedded Systems;" in The 7th International Conference on the Principles and Practice of Programming in Java 2009 (PPPJ 2009), Calgary, Alberta; August 2009.

W. Amme, J. von Ronne, Ph. Adler, and M. Franz; "The Effectiveness of Producer-Side Machine-Independent Optimizations for Mobile Code;" in Software—Practice and Experience, Vol. 29, No. 10, pp. 923–946; July 2009.

M. Bebenita, M. Chang, A. Gal, and M. Franz; "Stream-Based Dynamic Compilation for Object-Oriented Languages;" in 47th International Conference on Objects, Models, Components, Patterns (TOOLS-EUROPE 2009), Zurich, Switzerland; June 2009.

A. Gal, B. Eich, M. Shaver, D. Anderson, B. Kaplan. G. Hoare, D. Mandelin, B. Zbarsky, J. Orendorff, J. Ruderman, E. Smith, R. Reitmaier, M. R. Haghighat, M. Bebenita, M. Chang, and M Franz; "Trace-based Just-in-Time Type Specialization for Dynamic Languages;" in Programming Language Design and Implementation (PLDI 2009), Dublin, Ireland; June 2009. (34 accepted out of 196 submissions)

B. Salamat, T. Jackson, A. Gal, and M. Franz; "Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space;" in EuroSys'09, Nürnberg, Germany; April 2009. (25 accepted out of 148 submissions)

M. Franz; "Information-Flow Aware Virtual Machines: Foundations For Trustworthy Computing;" in Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH 2009), Washington, D.C.; March 2009.

E. Yardimci and M. Franz; "Mostly-Static Program Partitioning of Binary Executables;" in ACM Transactions on Programming Languages and Systems (TOPLAS).

M. Chang, E. Smith, R. Reitmaier, A. Gal, M. Bebenita, Ch. Wimmer, B. Eich, and M. Franz; "Tracing for Web 3.0: Trace Compilation for the Next Generation Web Applications;" in The 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE 2009), Washington, D.C.; March 2009.

L. Wang and M. Franz; "Automatic Partitioning of Object-Oriented Programs for Resource-Constrained Mobile Devices with Multiple Distribution Objectives;" in The 14th IEEE International Conference on Parallel and Distributed Systems (ICPADS'08), Melbourne, Victoria, Australia, December 2008.

G. Wagner, A. Gal, and M. Franz; "SlimVM: Optimistic Partial Program Loading for Connected Embedded Java Virtual Machines;" in The International Conference on the Principles and Practice on Programming in Java 2008 (PPPJ 2008), Modena, Italy; September 2008. Best Paper Award.

A. Yermolovich, A. Gal, and M. Franz; "Portable Execution of Legacy Binaries on the Java Virtual Machine;" in The International Conference on the Principles and Practice on Programming in Java 2008 (PPPJ 2008), Modena, Italy; September 2008.

A. Gal, Ch. W. Probst, and M. Franz; Java Bytecode Verification via Static Single Assignment Form; in ACM Transactions on Programming Languages and Systems (TOPLAS), Vol. 30, No. 4, Article No. 21, pp. 1-21; July 2008.

E. Yardimci and M. Franz; "Dynamic Parallelization of Binary Executables on Hierarchical Platforms;'' in The Journal of Instruction-Level Parallelism, Vol. 10, Paper 6, ISSN 1942-9525, pp. 1-24; June 2008.

The Economist publishes an article about my research (May 2014)

The article "Divided We Stand" in the 24th May 2014 print edition of The Economist contained an excellent and extremely accessible summary of my recent work on automated software diversity. Kudos to the writer Peter Haynes for explaining things to a general audience in a manner that is so easy to understand.

Christoph Kerschbaumer defends Ph.D. (March 2014)

Congratulations to Christoph Kerschbaumer, who just defended his thesis "Probabilistic Information Flow Control in Modern Web Browsers." He has accepted a position with Mozilla, Mountain View, California, joining Andreas Gal, Michael Bebenita, Gregor Wagner, and Mason Chang, who all also completed their Ph.Ds. in my group and now work at Mozilla full time.

Several Hundred Million People Using Our Research Results Daily

I have been one of the pioneers of dynamic compilation research. My first paper on JIT compilation was published in 1991 and my dissertation, entitled "Code Generation On-The-Fly: A Key To Portable Software," appeared two full years before the announcement of Java. Over the past twenty years, my students and I have worked on different aspects of dynamic compilation, most recently focusing on the development of Trace Compilation on which Andreas Gal and I recently received a U.S. patent.

This work has had substantial impact. The trace compilation technology behind the "TraceMonkey" JavaScript compiler that is built into Mozilla's Firefox browser (since June 2009 / Firefox 3.5) originated in our lab. It is used daily by several hundred million people. More recently, the "Compartmental Memory Management" technique invented by my student Gregor Wagner has also made it into the mainline Firefox distribution (since March 2011 / Firefox 4.0).

Post-Doctoral Researcher Search

I anticipate that one or more full-time Post-doctoral Scholar positions will become available soon and I am looking for capable candidates to join my team. Appointments will be initially for a one year period and will be renewable. These positions require a Ph.D. degree in Computer Science and demonstrated expertise, at the highest level, in the area of compiler construction. The ideal candidate would already have at least one publication in a top conference such as PLDI or CGO, or in a top journal such as TOPLAS.

Current graduate students who fulfill all other requirements but who have not quite yet completed their Ph.Ds. are welcome to apply; however, any offer will be made contingent on successful completion of the degree.

Salary to be between $37,740-$80,880 annually, depending on experience and qualification. Candidates without experience in the area of compilers are not encouraged to apply.

Interested applicants should respond by forwarding a cover memo, Curriculum Vitae, and the names and addresses of three references. Please also be aware that it takes up to 6 months to obtain the necessary work permit for non-U.S. citizens.

The University of California, Irvine is an equal opportunity employer committed to excellence through diversity.

last update: 4th August 2014 - michael @ michaelfranz.com