Seminar in Program Analysis for Reliability and Security

General

Mondays 14:30-16:30, Taub (room TBD)

Instructor: Eran Yahav

In this seminar you will get a taste of current cyber-security threats and program analysis techniques for battling them. For example, using automatic techniques for showing that a web-site is not exposed to certain security vulnerabilities.

We will cover a wide range of approaches, including dynamic program analyses and static program analyses

Talks (under construction)

Date	Topic	References	Presenter	Slides
3/3	Exploitation	Exploiting Social Navigation	Nimrod Partush
3/3	Exploitation	Tracelet-Based Code Search in Executables	Yaniv David
10/3	Exploitation	Floating Car Data from Smartphones: What Google and Waze Know About You and How Hackers Can Control Traffic	Kfir Lev-Ari
10/3	Exploitation	You are how you click: Clickstream analysis for sybil detection	Omer Katz
17/3	Memory Safety - Symbolic	EXE: Automatically Generating Inputs of Death KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
17/3	Symbolic	Low-Effort Equivalence Verification of Real Code
24/3	Symbolic	Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations
24/3	Symbolic	FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution
31/3	Static	Who Wrote This Code? Identifying the Authors of Program Binaries
31/3	Static	Towards Automatic Software Lineage Inference
7/4	Memory Safety - Dynamic	DieHard: Probabilistic Memory Safety for Unsafe Languages
7/4	Memory Safety - Dynamic	Exterminator: Automatically Correcting Memory Errors with High Probability
14/4	no seminar (passover)
21/4	no seminar (passover)
28/4	Static	Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
28/4	Dynamic	Rozzle: De-Cloaking Internet Malware
5/5	no seminar (Yom Ha'zikaron)
12/5		Practical Control Flow Integrity & Randomization for Binary Executables
12/5	Dynamic	Differential Slicing: Identifying Causal Execution Differences for Security Applications
19/5	Static	Detecting code clones in binary executables
19/5	Static	Data-Driven Equivalence Checking
26/5	Static	AEG: Automatic Exploit Generation
26/5	Misc	Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
	Web Apps - Static	The Essence of Command Injection Attacks in Web Applications
	Static	S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems.
	Static	MOPS: an Infrastructure for Examining Security Properties of Software
	Static	DIVINE: DIscovering Variables IN Executables
	Static	Loop-extended Symbolic Execution: Buffer Overflow Diagnosis and Discovery
	Static	Execution Synthesis: A Technique for Automated Software Debugging
	Static	Automatic Discovery of Deviations in Binary Implementations
	Dynamic	Dynamic test generation to find integer bugs in x86 binary Linux programs
	Scripting Languages - Static	Static Detection of Security Vulnerabilities in Scripting Languages
	Web - Static	VEX: Vetting Browser Extensions For Security Vulnerabilities
	Memory Safety - Static	CCured: Type-Safe Retrofitting of Legacy Code
	Static	Scalable and Systematic Detection of Buggy Inconsistencies in Source Code
	Dynamic	Bug Isolation via Remote Program Sampling
	Dynamic	SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures

• Each student will present a research paper in the seminar.
• You should plan your presentation for 50-70 minutes
• Your presentation must include your own analysis of the paper - what are the good parts, what are the bad parts, what would you do differently, how could you extend the results? (see for example "How to read a research paper?")
• The goal of the seminar is to study program analysis for security, and not to learn powerpoint. Students are encouraged to use/adpat the original slides used to present the paper by its authors. Grading is based on the ability to understand and present the research results in detail.
• Final grade will be determined by 85% quality of the presentation and 15% attendance.

• enrollment only with explicit permission. Send email to yahave@cs.technion.ac.il

• some software horror stories
• more software disasters
• introduction to abstract interpretation, and more in POPL79, here, and more informally here
• Abstract interpretation: a semantics-based tool for program analysis by Jones and Nielson.
• A gentle introduction to formal verification of computer systems by abstract interpretation
• Principles of Program Analysis (book)
• practical success stories: ASTREE SLAM
• cool related projects: TVLA SLAyer Terminator SAFE
• industry: AbsInt Coverity GrammaTech Parasoft Klocwork