Seminar in Program Analysis for Cyber-Security

General

Mondays 14:30-16:30, Taub 4

Instructor: Eran Yahav

In this seminar you will get a taste of current cyber-security threats and program analysis techniques for battling them. For example, using automatic techniques for showing that a web-site is not exposed to certain security vulnerabilities.

We will cover a wide range of approaches, including dynamic program analyses, static program analyses, and language based security.

Tentative Schedule

28/2/2011

We are fortunate to have a guest lecture by Adi Sharabani, who is going to speak about cyber-security threats and how they are used in the wild.

Adi Sharabani is in charge of the IBM Rational security strategy and architecture. As part of his role, Adi is responsible for leading, designing, and deploying overall security processes within the IBM Rational development groups. Adi was formerly the head the IBM Rational Application Security Research, responsible for research activities on web application security as well as the security logic of the AppScan product suite. In addition to his roles at IBM, Adi is also a high school teacher where he invests much time in teaching and education of the future generation. You can read more about Adi and his team at http://blog.watchfire.com

Grades

View Grades

Talks

Date	Topic	References	Presenter	Slides
7/3	Misc	Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications	Nimrod	[pptx]
7/3	Scripting Languages - Static	Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code	Michael	[ppt]
14/3	Dynamic	Dynamic test generation to find integer bugs in x86 binary Linux programs	Karine	[pdf]
14/3	Static	Staged Information Flow for JavaScript	Haggai	[pdf]
21/3	Memory Safety - Static	CCured: Type-Safe Retrofitting of Legacy Code	Anastasia	[pptx]
21/3	Memory Safety - Dynamic	EXE: Automatically Generating Inputs of Death KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs	Yoni	[pptx]
28/3	Web - Static	XFI: Software Guards for System Address Spaces	Muli	[pdf]
28/3	Memory Safety - Static	CSSV: towards a realistic tool for statically detecting all buffer overflows in C	Ittay	[pptx]
4/4	Web Apps - Static	The Essence of Command Injection Attacks in Web Applications	Alon	[ppt]
4/4	Static	TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection	Maya	[pptx]
11/4	Web Apps - Static	Sound and Precise Analysis of Web Applications for Injection Vulnerabilities	Ron K.	[ppt]
11/4	Web - Static	VEX: Vetting Browser Extensions For Security Vulnerabilities	Doron	[pptx]
18/4	no seminar
25/4	no seminar
2/5	Web - Static	Using Static Analysis for Ajax Intrusion Detection	Elina	[pptx]
2/5	Scripting Languages - Static	A Symbolic Execution Framework for JavaScript	Itamar
9/5	no seminar
16/5	Memory Safety - Dynamic	DieHard: Probabilistic Memory Safety for Unsafe Languages	David R.	[pptx]
16/5	Web - Hybrid	NOZZLE: A Defense Against Heap-spraying Code Injection Attacks	Ron G.
23/5	Dynamic	All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution	Amit P.
23/5	Information Flow - Static	Merlin: Specification Inference for Explicit Information Flow Problems	Daria
30/5	Web Apps - Language	Secure Web Applications via Automatic Partitioning (SWIFT)	More
30/5	Static	MOPS: an Infrastructure for Examining Security Properties of Software	Nir
6/6	no seminar
13/6	Dynamic	Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware	Yeonatan
13/6	Static	DIVINE: DIscovering Variables IN Executables	Cynthia
20/6	Static	Analysis-Resistant Malware	Yaniv
20/6	Misc	Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors	Ilya
to be scheduled	Scripting Languages - Static	Static Detection of Security Vulnerabilities in Scripting Languages	Dan G.

• Each student will present a research paper in the seminar.
• You should plan your presentation for 50-70 minutes
• Your presentation must include your own analysis of the paper - what are the good parts, what are the bad parts, what would you do differently, how could you extend the results? (see for example "How to read a research paper?")
• The goal of the seminar is to study program analysis for security, and not to learn powerpoint. Students are encouraged to use/adpat the original slides used to present the paper by its authors. Grading is based on the ability to understand and present the research results in detail.
• Final grade will be determined by 85% quality of the presentation and 15% attendance.

• enrollment only with explicit permission. Send email to yahave@cs.technion.ac.il

• some software horror stories
• more software disasters
• introduction to abstract interpretation, and more in POPL79, here, and more informally here
• Abstract interpretation: a semantics-based tool for program analysis by Jones and Nielson.
• A gentle introduction to formal verification of computer systems by abstract interpretation
• Principles of Program Analysis (book)
• practical success stories: ASTREE SLAM
• cool related projects: TVLA SLAyer Terminator SAFE
• industry: AbsInt Coverity GrammaTech Parasoft Klocwork