Program Analysis for Security
Tuesday, January 30, 2018, 3:00-4:00 pm
Abstract

As computing technology becomes further integrated with our daily lives, we are subjected to increasingly severe security and privacy risks. How can we protect software systems from these risks?  A complete solution requires developing far more secure software from the start. To do so, developers need automated software tools for security analysis, bug finding, verification, and more. Automating these tasks makes development of secure software easier, cheaper, and less error-prone.

In this talk I will present work that tackles new challenges in creating program analyses for security. First, I will show recent work on finding side-channel attacks. Programs contain secrets, such as passwords and encryption keys. Software bugs can cause programs to leak those secrets directly. But more insidiously, side channels can leak secrets indirectly, even when the software is bug-free. For example, an attacker can use running-time or memory-usage measurements to discover a secret value. Such attacks are challenging to find automatically, because doing so requires new algorithms that integrate disparate properties of a program, including information flow and performance. I will discuss a new static analysis technique for discovering side channels due to running time.

Second, I will reveal the existing limitations of program analysis for highly-configurable systems software.  Such systems, including the Linux kernel, Apache webserver, and the BusyBox toolkit for Internet-of-things devices, form much of our computing infrastructure.  Configurability means this software can run in data centers and IoT devices alike, but it poses a new challenge for program analysis techniques, which typically consider one configuration at a time.  With systems that have more configurations than atoms in the universe, checking each one for security vulnerabilities is infeasible.  I will show how an analysis infrastructure based on new programming language techniques makes it feasible to analyze all configurations simultaneously.

Finally, I will show plans for developing security analyses and bug-finders that are configuration-sensitive. The challenge is that configurations affect all parts of the program, including types, function definitions, statements, etc., necessitating careful modifications to analysis algorithms. Worse, supporting all configurations introduces a new source of state explosion, requiring new tradeoffs in scalability and precision. These challenges are met by efficient language representations and configuration-sensitive analyses that manage the configuration explosion problem. Additionally, I will discuss language design proposals to tackle the problem of configurable systems. Providing first-class language constructs will enable developers to express configurability safely and software tools to reason about programs more precisely.

Bio

Paul Gazzillo is a research scholar at Stevens Institute of Technology. His research aims to make it easier to develop safe and secure software and spans programming languages, security, software engineering and systems. Projects include program analyses to find side channels, concurrent smart contracts, parsing C and the preprocessor, and Makefile analysis. His work has been recognized with a SIGPLAN research highlight. He received his PhD from NYU and has previously worked as a post-doc at Yale.

This talk is organized by Mike Hicks