General
Mondays 14:30-16:30, Taub 4
Instructor: Eran Yahav
In this seminar you will get a taste of current cyber-security threats and program analysis techniques for battling them. For example, using automatic techniques for showing that a web-site is not exposed to certain security vulnerabilities.
We will cover a wide range of approaches, including dynamic program analyses, static program analyses, and language based security.
Lectures
Tentative Schedule
28/2/2011
We are fortunate to have a guest lecture by Adi Sharabani, who is going to speak about cyber-security threats and how they are used in the wild.
Adi Sharabani is in charge of the IBM Rational security strategy and architecture. As part of his role, Adi is responsible for leading, designing, and deploying overall security processes within the IBM Rational development groups. Adi was formerly the head the IBM Rational Application Security Research, responsible for research activities on web application security as well as the security logic of the AppScan product suite. In addition to his roles at IBM, Adi is also a high school teacher where he invests much time in teaching and education of the future generation. You can read more about Adi and his team at http://blog.watchfire.com
Grades
View GradesTalks
Grading
- Each student will present a research paper in the seminar.
- You should plan your presentation for 50-70 minutes
- Your presentation must include your own analysis of the paper - what are the good parts, what are the bad parts, what would you do differently, how could you extend the results? (see for example "How to read a research paper?")
- The goal of the seminar is to study program analysis for security, and not to learn powerpoint. Students are encouraged to use/adpat the original slides used to present the paper by its authors. Grading is based on the ability to understand and present the research results in detail.
- Final grade will be determined by 85% quality of the presentation and 15% attendance.
Enrollment
- enrollment only with explicit permission. Send email to yahave@cs.technion.ac.il
Resources
- some software horror stories
- more software disasters
- introduction to abstract interpretation, and more in POPL79, here, and more informally here
- Abstract interpretation: a semantics-based tool for program analysis by Jones and Nielson.
- A gentle introduction to formal verification of computer systems by abstract interpretation
- Principles of Program Analysis (book)
- practical success stories: ASTREE SLAM
- cool related projects: TVLA SLAyer Terminator SAFE
- industry: AbsInt Coverity GrammaTech Parasoft Klocwork