Blog Archives

USCC 2017 – Program Analysis for Cybersecurity (PAC)

Abstract: From bug hunting to exploit development to securing software systems, program analysis is a common thread that ties together multiple fields of software security. This training is targeted at individuals with little or no program analysis experience. Instead of simply learning how to break things, this training focuses on the challenges involved in securing […]

Categories: Tutorials

MILCOM 2017 – Learn to Analyze and Verify Large Software for Cybersecurity and Safety

Abstract:  Massive software systems are being built the way Egyptians were building pyramids, with the sheer force of human labor.  Agile development, programming languages, component libraries, and integrated development environments, help but they have not brought down the cost of developing and maintaining software. Software projects continue to run over projected budgets and schedule. The […]

Categories: Tutorials, Upcoming

MILCOM 2016 – Discovering Information Leakage Using Visual Program Models

Abstract:  This tutorial is about new genera of information leakage vulnerabilities, far more difficult to detect than the vulnerabilities that have previously dominated the software security landscape. We will survey attacks that have exploited information leakage vulnerabilities to steal sensitive information. We will show how to discover information leakage vulnerabilities using techniques and tools for […]

Categories: Tutorials

ISSRE 2016 – Mission-Critical Software Assurance Engineering ­Beyond Testing, Bug Finders, Metrics, Reliability Analysis, and Formal Verification

Abstract:  Today, mission-critical software assurance engineering must encompass both safety and cyber-security. Critical missions, whether in defense, government, banking, or healthcare depend on ensuring that a system meets safety requirements, and it does not fail under cyber attack. Mobile, cloud and Internet of Things (IoT) have made software assurance integral to our everyday lives, whether […]

Categories: Tutorials

ASE 2016 – Learn to Build Automated Software Analysis Tools with Graph Paradigm and Interactive Visual Framework

Abstract: Software analysis has become complex enough to be intimidating to new students and professionals. It can be difficult to know where to start with over three decades of staggering research in data and control flow analyses and a plethora of analysis frameworks to choose from, ranging in maturity, support, and usability. While textbooks, surveys […]

Categories: Tutorials

ICISS 2015 – Program Analysis and Reasoning for Hard to Detect Software Vulnerabilities

Abstract: Software is everywhere and so are software vulnerabilities, affecting individuals, companies and nations. Deliberately planted software vulnerabilities (“malware”) have ravaged nuclear reactors and unintended software vulnerabilities (“bugs”) have recently caused all American Airlines planes to be grounded for hours. Software vulnerabilities elude regression testing because their occurrence often depends on intricate sequences of low-probability […]

Categories: Tutorials

ISSRE 2015 – Hard Problems at the Intersection of Cybersecurity and Software Reliability

Abstract: This tutorial is aimed at the audience interested in knowing how software reliability and cybersecurity converge in terms of intrinsic hard problems, and how that knowledge can be useful for advancing the research and practice in both fields. This tutorial is based on our research in three Defense Advanced Research Projects Agency (DARPA) projects […]

Categories: Tutorials

ASE 2015 – Computer-aided Collaborative Validation of Large Software

Abstract: Neither manual nor totally automated discovery of software vulnerabilities is practical. Manual discovery requires extremely laborious work by highly skilled software analysts and totally automated discovery is riddled with intractable problems. This tutorial introduces a novel practical approach for machine-enabled human-in-the-loop discovery of software vulnerabilities, and is based on “amplifying human intelligence” rather than […]

Categories: Tutorials

MILCOM 2015 – Practical Program Analysis for Discovering Android Malware

Abstract: The growing threat of malware in embedded systems and the possibility of adversaries crafting one-of-a-kind sophisticated malware as a catastrophic cyberweapon makes malware detection a high priority topic for advanced research, college education, and professional training. There is a need for automated detection tools for commercial applications as well as a need for sophisticated […]

Categories: Tutorials