Blog Archives

ICSE 2018 – COMB: Computing Relevant Program Behaviors

Abstract: The paper presents COMB, a tool to improve accuracy and efficiency of software engineering tasks that hinge on computing all relevant program behaviors. Computing all behaviors and selecting the relevant ones is computationally intractable. COMB uses Projected Control Graph (PCG) abstraction to derive the relevant behaviors directly and efficiently. The PCG is important as […]

Categories: Papers, Upcoming

MILCOM 2017 – Learn to Analyze and Verify Large Software for Cybersecurity and Safety

Abstract:  Massive software systems are being built the way Egyptians were building pyramids, with the sheer force of human labor.  Agile development, programming languages, component libraries, and integrated development environments, help but they have not brought down the cost of developing and maintaining software. Software projects continue to run over projected budgets and schedule. The […]

Categories: Tutorials

ICISS 2017 – Human-on-the-loop Automation for Detecting Software Side-Channel Vulnerabilities

Abstract: Software side-channel vulnerabilities (SSCVs) allow an attacker to gather secrets by observing the differential in the time or space required for executing the program for different inputs. Detecting SSCVs is like searching for a needle in the haystack, not knowing what the needle looks like. Detecting SSCVs requires automation that supports systematic exploration to […]

Categories: Papers, Upcoming

Derbycon 7 – JReFrameworker: One Year Later

Abstract:  JReFrameworker is a Java bytecode manipulation tool released at DEFCON 24 that lowers the barrier to entry for developing Managed Code Rootkits in the Java Virtual Machine. Bytecode manipulations are written entirely in source code, removing the need for any pre-requisite knowledge of bytecode internals and allowing anyone with a basic working knowledge of […]

Categories: Talks

APSEC 2017 – Intelligence Amplifying Loop Characterizations for Detecting Algorithmic Complexity Vulnerabilities

Abstract: Algorithmic complexity vulnerabilities (ACVs) can be exploited to cause denial-of-service. Detecting ACVs is hard because of the numerous kinds of loop complexities that cause ACVs. This renders automatic detection intractable for ACVs. State-of-the-art loop analyses aim to obtain precise loop iteration bounds automatically; they can do so for relatively simple loops. This research focuses […]

Categories: Papers, Upcoming

2017 Winter Simulation Conference – Modeling Lessons from Verifying Large Software Systems for Safety and Security

Abstract: Verifying software in mission-critical Cyber-Physical Systems (CPS) is an important but daunting task with challenges of accuracy and scalability. This paper discusses lessons learned from verifying properties of the Linux kernel. These lessons have raised questions about traditional verification approaches, and have led us to a model-based approach for software verification. These models are […]

Categories: Papers, Upcoming

DEFCON 25 Darknet Challenge

Overview: As described at dcdark.net: The DarkNet was inspired by a community concept of the same name presented in Daniel Suarez’s seminal books, “Daemon” and “Freedom.” In it, an autonomous artificial intelligence implemented by the visionary Matthew A. Sobol and activated by news of his death comes to “life” and begins recruiting people to embark on […]

Categories: Competitions

USCC 2017 – Program Analysis for Cybersecurity (PAC)

Abstract: From bug hunting to exploit development to securing software systems, program analysis is a common thread that ties together multiple fields of software security. This training is targeted at individuals with little or no program analysis experience. Instead of simply learning how to break things, this training focuses on the challenges involved in securing […]

Categories: Tutorials

MathWorks 2017 Research Summit – Demystifying Cybersecurity for CPS Community

Abstract: It is challenging for the cyber-physical systems (CPS) community to understand the essentials of cybersecurity. “Security Patch” or the “Kill Switch for WannaCry” jargon is at best oversimplified and superficial to convey essential cybersecurity knowledge. Cybersecurity problems are often rooted in the complex CPS software. For the CPS community, the challenge is to understand […]

Categories: Talks

NIT Patna – Learn to Understand, Analyze, and Verify Large Software

Abstract: Massive software systems are being built the way Egyptians were building pyramids, with the sheer force of human labor. Agile development, programming languages, component libraries, and integrated development environments, help but they have not brought down the cost of developing and maintaining software. Software projects continue to run over projected budgets and schedule. The […]

Categories: Short Courses