Michael W. Hicks is a professor in the Department of Computer Science with joint appointments in UMIACS and the Maryland Cybersecurity Center.
His research focuses on using programming languages and analyses to improve the security, reliability, and availability of software. Noteworthy among his research accomplishments is the development of analysis and compilation tools for enabling software to be safely updated without shutting it down. He has explored the design of new programming languages and analysis tools for automatically discovering or remediating software flaws and security vulnerabilities. Hicks has also conducted studies on the utility of defect detection tools according to outcomes of human users, and explored distributed systems design and evaluation, particularly when adaptivity and security are system goals.
During his career, Hicks has published more than 80 refereed conference and journal papers, many in highly selective venues. He won the ACM SIGPLAN Doctoral Dissertation Award in 2001, a National Science Foundation (NSF) CAREER Award in 2003, and has won the Department of Computer Science's Faculty Teaching Award three times. Hicks served as program chair for the 2012 ACM Symposium on the Principles of Programming Languages, the premier venue for theoretical contributions to programming languages.
He received a doctorate in computer and information science from the University of Pennsylvania in 2001, and then spent one year as a postdoctoral associate affiliated with the Information Assurance Institute of the Computer Science Department at Cornell University. During the 2008 academic year, he spent his sabbatical in Cambridge, England, visiting Microsoft Research and the University of Cambridge Computer Laboratory.
2011. Lightweight monadic programming in ML. Proceedings of the 16th ACM SIGPLAN international conference on Functional programming. :15-27.
2011. LOCKSMITH: Practical static race detection for C. ACM Trans. Program. Lang. Syst. 33(1):3:1–3:55.
2011. Evaluating Dynamic Software Update Safety Using Systematic Testing. IEEE Transactions on Software Engineering. PP(99):1-1.
2011. Evolution in Action: Using Active Networking to Evolve Network Support for Mobility. IFIP Lecture Notes in Computer Science (LNCS). 2546(2546):146-161.
2011. MultiOtter: Multiprocess Symbolic Execution. Technical Reports of the Computer Science Department.
2011. Directed Symbolic Execution. Static Analysis. 6887:95-111.
2011. Dynamic Enforcement of Knowledge-Based Security Policies. Computer Security Foundations Symposium (CSF), 2011 IEEE 24th. :114-128.
2011. State transfer for clear and efficient runtime updates. 2011 IEEE 27th International Conference on Data Engineering Workshops (ICDEW). :179-184.
2011. Dynamic inference of static types for ruby. Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages. :459-472.
2010. Dynamically checking ownership policies in concurrent c/c++ programs. Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages. :457-470.
2010. Adapting Scrum to Managing a Research Group. Technical Reports of the Computer Science Department.
2010. SCORE: agile research group management. Commun. ACM. 53(10):30-31.
2010. Serializing C intermediate representations for efficient and portable parsing. Software: Practice and Experience. 40(3):225-238.
2010. Viewpoint: Adapting agile software development methodology toward more efficient management of academic research groups. Communications of the ACM. 53(10):30-30.
2009. Dynamic software updates: a VM-centric approach. Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation. :1-12.
2009. Tests to the left of me, types to the right: how not to get stuck in the middle of a ruby execution. Proceedings for the 1st workshop on Script to Program Evolution. :14-16.
2009. The ruby intermediate language. SIGPLAN Not. 44(12):89-98.
2009. Cross-tier, label-based security enforcement for web applications. Proceedings of the 35th SIGMOD international conference on Management of data. :269-282.
2009. Efficient systematic testing for dynamically updatable software. Proceedings of the 2nd International Workshop on Hot Topics in Software Upgrades. :9:1–9:5.
2009. A Testing Based Empirical Study of Dynamic Software Update Safety Restrictions. Technical Reports of the Computer Science Department.
2009. Safe and timely updates to multi-threaded programs. SIGPLAN Not. 44(6):13-24.
2009. A theory of typed coercions and its applications. Proceedings of the 14th ACM SIGPLAN international conference on Functional programming. :329-340.
2009. Passive aggressive measurement with MGRP. SIGCOMM Comput. Commun. Rev. 39(4):279-290.
2009. Efficient systematic testing for dynamically updatable software. Proceedings of the 2nd International Workshop on Hot Topics in Software Upgrades. :9-9.
2009. Verified enforcement of stateful information release policies. SIGPLAN Not. 43(12):21-31.
2009. Triaging Checklists: a Substitute for a PhD in Static Analysis. Evaluation and Usability of Programming Languages and Tools (PLATEAU) PLATEAU 2009.
2009. Static type inference for Ruby. Proceedings of the 2009 ACM symposium on Applied Computing. :1859-1866.
2009. Dynamic software updates for Java: A VM-centric approach. Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI).
2008. Implicit Flows: Can’t Live with ’Em, Can’t Live without ’Em. Information Systems Security. 5352:56-70.
2008. Contextual effects for version-consistent dynamic software updating and safe concurrent programming. Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages. :37-49.
2008. Modular Information Hiding and Type-Safe Linking for C. IEEE Transactions on Software Engineering. 34(3):357-376.
2008. Verified enforcement of automaton-based information release policies. Proceedings of the 2008 Workshop on Programming Languages and Analysis for Security. ACM Press.
2008. Fable: A Language for Enforcing User-defined Security Policies. IEEE Symposium on Security and Privacy, 2008. SP 2008. :369-383.
2008. Dynamic Rebinding for Marshalling and Update, Via Redex-Time and Destruct-Time Reduction. Journal of Functional Programming. 18(04):437-502.
2008. Path projection for user-centered static analysis tools. Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering. :57-63.
2008. Formalizing Soundness of Contextual Effects. Theorem Proving in Higher Order Logics. 5170:262-277.
2007. Combining provenance and security policies in a web-based document management system. On-line Proceedings of the Workshop on Principles of Provenance (PrOPr).
2007. Improving software quality with static analysis. Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering. :83-84.
2007. Toward Specifying and Validating Cross-Domain Policies. Technical Reports from UMIACS.
2007. Defeating script injection attacks with browser-enforced embedded policies. Proceedings of the 16th international conference on World Wide Web. :601-610.
2007. Mutatis Mutandis: Safe and predictable dynamic software updating. ACM Trans. Program. Lang. Syst. 29(4).
2007. Analyzing information flow. Conference on Programming Language Design and Implementation: Proceedings of the 2007 workshop on Programming languages and analysis for security.
2007. Verified Enforcement of Security Policies for Cross-Domain Information Flows. IEEE Military Communications Conference, 2007. MILCOM 2007. :1-7.
2007. Appendix to CMod: Modular Information Hiding and Type-Safe Linking for C. Technical Reports of the Computer Science Department.
2007. Automated detection of persistent kernel control-flow attacks. Proceedings of the 14th ACM conference on Computer and communications security. :103-115.
2006. Context-sensitive correlation analysis for detecting races. Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI). :320-331.
2006. LOCKSMITH: context-sensitive correlation analysis for race detection. SIGPLAN Not. 41(6):320-331.
2006. Practical dynamic software updating for C. SIGPLAN Not. 41(6):72-83.
2006. Managing policy updates in security-typed languages. 19th IEEE Computer Security Foundations Workshop, 2006. :13pp.-216.
2006. Trusted declassification: high-level policy for a security-typed language. Proceedings of the 2006 workshop on Programming languages and analysis for security. :65-74.
2006. Safe manual memory management in Cyclone. Science of Computer Programming. 62(2):122-144.
2006. Existential Label Flow Inference Via CFL Reachability. Static Analysis. 4134:88-106.
2005. Dynamic software updating. ACM Trans. Program. Lang. Syst. 27(6):1049-1096.
2005. Dynamic updating of information-flow policies. Proceedings of the International Workshop on Foundations of Computer Security (FCS).
2005. Merging Network Measurement with Data Transport. Passive and Active Network Measurement. 3431:368-371.
2005. Cyclone: A type-safe dialect of C. C/C++ Users Journal. 23(1):112-139.
2005. Mutatis mutandis: safe and predictable dynamic software updating. Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages. :183-194.
2005. Understanding source code evolution using abstract syntax tree matching. Proceedings of the 2005 international workshop on Mining software repositories. :1-5.
2005. Toward on-line schema evolution for non-stop systems. 11th High Performance Transaction Systems Workshop.
2005. Dynamic inference of polymorphic lock types. Science of Computer Programming. 58(3):366-383.
2005. Tagged Sets: A Secure and Transparent Coordination Medium. Coordination Models and Languages. 3454:193-205.
2004. Experience with safe manual memory-management in cyclone. Proceedings of the 4th international symposium on Memory management. :73-84.
2003. A secure PLAN. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews. 33(3):413-426.
2003. Safe and flexible memory management in Cyclone. Technical Reports from UMIACS.
2003. User-specified adaptive scheduling in a streaming media network. 2003 IEEE Conference on Open Architectures and Network Programming. :87-96.
2003. Formalizing dynamic software updating. Proceedings of the Second International Workshop on Unanticipated Software Evolution (USE).
2003. Dynamic rebinding for marshalling and update, with destruct-time λ. Proceedings of the eighth ACM SIGPLAN international conference on Functional programming. :99-110.
2002. A secure PLAN (extended version). DARPA Active NEtworks Conference and Exposition, 2002. Proceedings. :224-237.