General

Mondays 14:30-16:30, Taub 4

Instructor: Eran Yahav

In this seminar you will get a taste of current cyber-security threats and the program analysis techniques for battling them, for example, automatic techniques for showing that a website is not exposed to certain security vulnerabilities.

We will cover a wide range of approaches, including both dynamic and static program analyses.

Lectures

Schedule

12/3/2012

We are fortunate to kick off the seminar with a guest lecture by Ben Livshits from Microsoft Research.

Ben Livshits is a researcher at Microsoft Research in Redmond, WA and an affiliate professor at the University of Washington. Originally from St. Petersburg, Russia, he received a bachelor's degree in Computer Science and Math from Cornell University in 1999, and his M.S. and Ph.D. in Computer Science from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs. Ben has published papers at PLDI, POPL, Oakland Security, Usenix Security, CCS, SOSP, ICSE, FSE, and many other venues. He is known for his work in software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications.

Talks (under construction)

| Date | Topic | References | Presenter | Slides |
|------|-------|------------|-----------|--------|
| 19/3 | Memory Safety - Dynamic | DieHard: Probabilistic Memory Safety for Unsafe Languages | Yael Kazaz | [pptx] |
| 19/3 | Memory Safety - Dynamic | Exterminator: Automatically Correcting Memory Errors with High Probability | Maor Veitsman | [pptx] |
| 27/3 | Static | AEG: Automatic Exploit Generation | Amir Hardon | |
| 9/4 | no seminar (Passover) | | | |
| 16/4 | Web Apps - Static | The Essence of Command Injection Attacks in Web Applications | Nir Rozenbaum | [ppt] |
| 16/4 | Memory Safety - Dynamic | EXE: Automatically Generating Inputs of Death; KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs | Ron B.I. | [pptx] |
| 23/4 | no seminar (virtual Thursday) | | | |
| 30/4 | Static | S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems | Bar Weiner | |
| 30/4 | Static | MOPS: an Infrastructure for Examining Security Properties of Software | Hila | |
| 7/5 | Static | DIVINE: DIscovering Variables IN Executables | Haim | |
| 7/5 | Static | Who Wrote This Code? Identifying the Authors of Program Binaries | Gregory Horev | |
| 14/5 | Dynamic | Differential Slicing: Identifying Causal Execution Differences for Security Applications | Tal | |
| 14/5 | Static | Loop-extended Symbolic Execution: Buffer Overflow Diagnosis and Discovery | Noa Packer | |
| 21/5 | Misc | Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications | Anat Berki | [pptx] |
| 21/5 | Static | Execution Synthesis: A Technique for Automated Software Debugging | Anat Etzion | |
| 28/5 | Static | Automatic Discovery of Deviations in Binary Implementations | Amir B. | |
| 28/5 | Dynamic | Dynamic test generation to find integer bugs in x86 binary Linux programs | Gil Elgrably | [pdf] |
| 4/6 | Scripting Languages - Static | Static Detection of Security Vulnerabilities in Scripting Languages | Gil Fruchter | |
| 4/6 | Web - Static | VEX: Vetting Browser Extensions For Security Vulnerabilities | Ari Zigler | [pptx] |
| 11/6 | no seminar | | | |
| 18/6 | Memory Safety - Static | CCured: Type-Safe Retrofitting of Legacy Code | Yoni & Yuval | [pptx] |
| 18/6 | Static | Scalable and Systematic Detection of Buggy Inconsistencies in Source Code | Marina & Efrat | |
| 25/6 | Dynamic | Bug Isolation via Remote Program Sampling | Michael B. | |
| 25/6 | Dynamic | Binary-Code Obfuscations in Prevalent Packer Tools | Yogev | |
| xx/x | Static | Low-Effort Equivalence Verification of Real Code | | |
| xx/x | Dynamic | SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures | | |

Grading

  • Each student will present a research paper in the seminar.
  • You should plan your presentation for 50-70 minutes.
  • Your presentation must include your own analysis of the paper: what are the good parts, what are the bad parts, what would you do differently, and how could you extend the results? (See, for example, "How to read a research paper?")
  • The goal of the seminar is to study program analysis for security, not to learn PowerPoint. Students are encouraged to use or adapt the original slides used by the paper's authors to present it. Grading is based on the ability to understand and present the research results in detail.
  • The final grade will be determined 85% by the quality of the presentation and 15% by attendance.

Enrollment

  • Enrollment is by explicit permission only. Send an email to yahave@cs.technion.ac.il

Resources