General
Mondays 14:30-16:30, Taub 4
Instructor: Eran Yahav
In this seminar you will get a taste of current cyber-security threats and the program analysis techniques for battling them. One example is using automatic techniques to show that a website is not exposed to certain security vulnerabilities.
We will cover a wide range of approaches, including both dynamic and static program analyses.
Lectures
Schedule
12/3/2012
We are fortunate to kick off the seminar with a guest lecture by Ben Livshits from Microsoft Research.
Ben Livshits is a researcher at Microsoft Research in Redmond, WA and an affiliate professor at the University of Washington. Originally from St. Petersburg, Russia, he received a bachelor's degree in Computer Science and Math from Cornell University in 1999, and his M.S. and Ph.D. in Computer Science from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs. Ben has published papers at PLDI, POPL, Oakland Security, Usenix Security, CCS, SOSP, ICSE, FSE, and many other venues. He is known for his work in software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications.
Talks (under construction)
Grading
- Each student will present a research paper in the seminar.
- You should plan your presentation for 50-70 minutes.
- Your presentation must include your own analysis of the paper - what are the good parts, what are the bad parts, what would you do differently, how could you extend the results? (see for example "How to read a research paper?")
- The goal of the seminar is to study program analysis for security, not to learn PowerPoint. Students are encouraged to use or adapt the original slides the authors used to present the paper. Grading is based on the ability to understand and present the research results in detail.
- The final grade will be determined 85% by the quality of the presentation and 15% by attendance.
Enrollment
- Enrollment is by explicit permission only. Send email to yahave@cs.technion.ac.il
Resources
- some software horror stories
- more software disasters
- introduction to abstract interpretation, and more in POPL79, here, and more informally here
- Abstract interpretation: a semantics-based tool for program analysis by Jones and Nielson.
- A gentle introduction to formal verification of computer systems by abstract interpretation
- Principles of Program Analysis (book)
- practical success stories: ASTREE, SLAM
- cool related projects: TVLA, SLAyer, Terminator, SAFE
- industry: AbsInt, Coverity, GrammaTech, Parasoft, Klocwork