BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Memento EPFL//
BEGIN:VEVENT
SUMMARY:Checking the World's Software for Exploitable Bugs
DTSTART:20130604T140000
DTEND:20130604T150000
DTSTAMP:20260407T114552Z
UID:3e97650a55d2191feb80d678863fdb55178dda17e1e095b805ec89c0
CATEGORIES:Conferences - Seminars
DESCRIPTION:Prof. David Brumley\, Carnegie Mellon University\nAttackers on
 ly need to find a single exploitable bug in order to install worms\, bots\
 , and other malware on vulnerable computers. Unfortunately\, developers ra
 rely have the time or resources to fix all bugs. This raises a serious sec
 urity question: which bugs are exploitable\, and thus should be fixed firs
 t? My research teams vision is to automatically check the world's software
  for exploitable bugs. Our approach is based on program verification\, but
  with a twist. Traditional verification takes a program and a specificatio
 n of safety as inputs\, and checks that all execution paths of the program
  meet the safety specification. The twist in AEG is we replace typical saf
 ety properties with an ``un-exploitability'' property\, and the ``verifica
 tion'' process becomes finding a program path in which the un-exploitabili
 ty property does not hold. Our analysis generates working control flow hij
 ack and command injection exploits for exploitable paths. I'll discuss our
  results with a data set of over 1\,000 programs and over 370 days of anal
 ysis time. Despite the large amount of analysis\, there is still much to b
 e done. In the last part of this talk\, I'll describe several of the remai
 ning research challenges.
LOCATION:BC 420 https://plan.epfl.ch/?room==BC%20420
STATUS:CONFIRMED
END:VEVENT
END:VCALENDAR