February 27, 2008: Seminar: Mary Lou Soffa: "Path-Sensitive Analysis for Security Flaws"
The University of Illinois at Chicago
Department of Computer Science
2007-2008 Distinguished Lecturer Seminar Series
Path-Sensitive Analysis for Security Flaws
Mary Lou Soffa
Thursday, March 13, 2008
Department of Computer Science
University of Virginia
11:00 a.m., Room 1000 SEO
Despite increasing efforts in detecting and managing software security flaws, the number of security attacks is still rising every year. As software becomes more complex, security flaws are more easily introduced into a system and more difficult to eliminate. The overall goal of this research is to develop a framework for detecting and managing security flaws, with the key idea being the development of static analysis tools that determine the program paths leading to various types of vulnerabilities. This talk describes a path-sensitive analysis for buffer overflow detection. The novelty of the work is that we develop a path-sensitive analysis using a demand-driven algorithm, to provide both precision and scalability. We first develop a vulnerability model for buffer overflow and then use the model in the development of the demand-driven path-sensitive analysis. Our analysis starts at the program points where an overflow can possibly occur. A partial reversal of the dataflow analysis is performed to determine the types of paths with regard to feasibility and vulnerability, including the severity of the vulnerability. Our experiments show that we are able to detect and classify more buffer overflows than current tools, and the analysis scales to more than 570,000 lines of code. We also provide information about each buffer overflow to help with the identification and removal of its root cause.
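As an added illustration of the shape of the analysis the abstract describes (this is not the speaker's code or the actual tool from the talk), the toy sketch below raises a query at a buffer write, pushes it backwards along one path, and classifies each path as infeasible, safe or vulnerable; the mini-IR, variable names and sample paths are constructed here for the example.

```python
from math import inf

# Constructed mini-IR (not the talk's own representation); variables are
# single-assignment so a branch condition refers to the value the write sees:
#   ("def", v, ("const", c)) | ("def", v, ("add", src, k)) | ("def", v, ("input",))
#   ("assume", v, op, c)          branch outcome taken on this path, op in {"<=", ">"}
#   ("write", buf_size, idx)      buf[idx] = ..., overflows iff idx >= buf_size

def classify_path(path):
    """Demand-driven check of one path ending at a buffer write: the query
    "idx < buf_size" is raised at the write and pushed backwards against the
    dataflow until a definition or branch condition resolves it."""
    _, bound, var = path[-1]           # write raises the query: var < bound
    ranges = {}                        # var -> (lo, hi) implied by branches taken
    for stmt in reversed(path[:-1]):   # partial reversal of the dataflow
        if stmt[0] == "assume":
            _, v, op, c = stmt
            lo, hi = ranges.get(v, (-inf, inf))
            if op == "<=":
                hi = min(hi, c)
            else:                      # v > c
                lo = max(lo, c + 1)
            if lo > hi:
                return "infeasible"    # contradictory branch outcomes: path cannot run
            ranges[v] = (lo, hi)
            if v == var and hi < bound:
                return "safe"          # a bounds check on this path guards the write
        elif stmt[0] == "def" and stmt[1] == var:
            expr = stmt[2]
            if expr[0] == "const":
                return "safe" if expr[1] < bound else "vulnerable"
            if expr[0] == "input":
                return "vulnerable"    # unbounded input reaches the index unguarded
            var, bound = expr[1], bound - expr[2]   # v = src + k: re-express query for src
    return "vulnerable"                # entry reached with the query unresolved

def check_program(paths):
    """Classify every path to the write; a real tool derives paths from the CFG."""
    return {name: classify_path(p) for name, p in paths.items()}

# Constructed sample: a 16-byte buffer indexed by a value derived from input.
SAMPLE_PATHS = {
    "guarded": [("def", "n", ("input",)), ("assume", "n", "<=", 15), ("write", 16, "n")],
    "unguarded": [("def", "n", ("input",)), ("assume", "n", ">", 15), ("write", 16, "n")],
    "dead": [("def", "n", ("input",)), ("assume", "n", "<=", 8),
             ("assume", "n", ">", 15), ("write", 16, "n")],
    "off_by_one": [("def", "i", ("input",)), ("assume", "i", "<=", 15),
                   ("def", "j", ("add", "i", 1)), ("write", 16, "j")],
    "constant": [("def", "k", ("const", 4)), ("write", 16, "k")],
}
```

Running `check_program(SAMPLE_PATHS)` marks the off-by-one path vulnerable because the query is rewritten to `i < 15` before it meets the `i <= 15` guard, and marks the contradictory-branch path infeasible rather than reporting a false positive.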
Mary Lou Soffa is the Chair of the Department of Computer Science and the Owens R. Cheatham Professor of Sciences at the University of Virginia. Prior to her current appointment, she was a Professor at the University of Pittsburgh and also served as the Graduate Dean in Arts and Sciences. Her general research interests are in programming languages/compilers and software engineering. Her current focus is on optimizing compilers, program analysis, virtual execution environments, testing and debugging.
In 1999, Mary Lou was selected as an ACM Fellow and received the Presidential Award for Excellence in Science, Mathematics and Engineering Mentoring. She received the SIGPLAN Service Award in 2003 and the Nico Habermann Award from the Computing Research Association (CRA) in 2006. She has worked for many years to increase the participation of women and underrepresented minorities. She serves on the CRA-W Committee and was its co-chair from 1999-2002. She co-founded the CRA-W Graduate Cohort Program and the CRA-W Cohort for Associate Professors. She has served on a number of editorial boards and as conference chair, program chair, and program committee member for numerous conferences. She recently was the Program Co-Chair for ICSE-06 and is currently the Conference Chair for CGO-08 and ASPLOS-09.
Host: Professor Lenore Zuck