I am researching Security and Software Engineering as Ph.D. Candidate at the Computer Science Department, William & Mary. I am Co-advised by Dr. Adwait Nadkarni and Dr. Denys Poshyvanyk, as part of the SPL and SEMERU research groups. Using software engineering research techniques, I create systematic evaluation frameworks that can help improve security focused techniques or software.
This work questions the existing design priorities and choices of Static Analysis-based Security Testing (SAST) tools, a multi-billion dollar, decades-old industry. By examining practitioners' perspectives in the context of security, I identified critical gaps that need to be addressed to effectively apply SASTs for building secure software and services [1].
@inproceedings{ami-fn-oakland24,
author = {Ami, Amit Seal and Moran, Kevin and Poshyvanyk, Denys and Nadkarni, Adwait},
title = {{"False negative - that one is going to kill you" - Understanding Industry Perspectives of Static Analysis based Security Testing}},
booktitle = {Proceedings of the 2024 IEEE Symposium on Security and Privacy (S\&P)},
address = {San Francisco, CA, USA},
year = {2024},
publisher = {IEEE Computer Society},
month = may,
note = {to be published in},
month_numeric = {5}
}
Amit's research has uncovered over 20 critical flaws in popular security tools, improving the security of software used by billions worldwide. Amit has mentored numerous students and developed an outreach program connecting W&M CSCI faculty with students at his alma mater, IIT-D, enabling collaborative capstone projects. As the COVES fellow, he worked closely with the Joint Commission on Technology and Science (JCOTS) to improve existing security policies for information technology in the state. His record of service and leadership is unparalleled among graduate students.
My research on security, particularly improving the state of the Static Analysis based Security Testing, was competitively selected and has been graciously supported in part by the Coastal Virginia Commonwealth Cyber Initiative (CoVA CCI) Dissertation Fellowship from 2021 to 2023. This support has led to several works on systematically evaluating, and understanding the factors that influence the practicality of SAST tools in practice, which have been published at top tier security and software engineering venues, including the IEEE S&P 2024.
I used my security and privacy research background to analyze consumer data policies related to the Internet of
Things (IoT), NextGen TVs, and accessibility tools for higher education. Based on these, I recommended measures
to strengthen consumer privacy in these areas and created primers to help policymakers better understand key
concepts. I was invited to share the policy-related findings and suggestions at the JCOTS Meeting, where the
chairman agreed and stressed that JCOTS needs to consider not only public policy creation but also enforcement
as I mentioned.
You can learn more about me in the About section, or see photos of my activities in the Photo Gallery.