报告人简介:
Dr. LIANG Zhenkai is an assistant professor of the School of Computing, National University of Singapore. His main research interests are in system and software security, web security, and software debugging. He has been working on solutions in malicious program analysis and confinement, malicious JavaScript prevention in the browser environment, and software error detection and debugging techniques. As a co-author, he received the ACM SIGSOFT Distinguished Paper Award at ESEC/FSE in 2009, the Best Paper Award at USENIX Security Symposium in 2007, and the Outstanding Paper Award at the Annual Computer Security Applications Conference (ACSAC) in 2003. He also received the Young Investigator Award of National University of Singapore in 2008. He received a Ph.D. degree in Computer Science from Stony Brook University in 2006, a B.S. degree in Computer Science and a B.S. degree in Economics from Peking University in 1999.
摘要:
Binary program analysis has important applications in software security, error detection, and debugging techniques. We have developed techniques to perform dynamic and static binary analysis, for example, building symbolic formula to represent how a program processes inputs. In this talk, we discuss several of our solutions in applying such techniques to compare software for error detection and software debugging. First, we introduce an automated approach to detect software errors by finding deviations in two implementations of a specification, i.e., differences in the way they process their inputs. We show how symbolic formula can be used to compare programs effectively to reveal deviations. Second, we show an approach for debugging software errors in evolving programs or programs from the same specification. Given two programs (a reference, stable program and a new, modified program) and an input that fails on the modified program, our approach uses concrete as well as symbolic execution to synthesize new inputs that differ marginally from the failing input in their control flow behavior. A comparison of the execution traces of the failing input and the new inputs provides critical clues to the root-cause of the failure. We also introduce the underlying binary analysis platform, BitBlaze, and its other applications in debugging and system security.
Error Detection and Debugging through Software Binary Analysis and Comparison
地点:446会议室
主讲人:Dr. LIANG Zhenkai
报告人简介:
Dr. LIANG Zhenkai is an assistant professor of the School of Computing, National University of Singapore. His main research interests are in system and software security, web security, and software debugging. He has been working on solutions in malicious program analysis and confinement, malicious JavaScript prevention in the browser environment, and software error detection and debugging techniques. As a co-author, he received the ACM SIGSOFT Distinguished Paper Award at ESEC/FSE in 2009, the Best Paper Award at USENIX Security Symposium in 2007, and the Outstanding Paper Award at the Annual Computer Security Applications Conference (ACSAC) in 2003. He also received the Young Investigator Award of National University of Singapore in 2008. He received a Ph.D. degree in Computer Science from Stony Brook University in 2006, a B.S. degree in Computer Science and a B.S. degree in Economics from Peking University in 1999.
摘要:
Binary program analysis has important applications in software security, error detection, and debugging techniques. We have developed techniques to perform dynamic and static binary analysis, for example, building symbolic formula to represent how a program processes inputs. In this talk, we discuss several of our solutions in applying such techniques to compare software for error detection and software debugging. First, we introduce an automated approach to detect software errors by finding deviations in two implementations of a specification, i.e., differences in the way they process their inputs. We show how symbolic formula can be used to compare programs effectively to reveal deviations. Second, we show an approach for debugging software errors in evolving programs or programs from the same specification. Given two programs (a reference, stable program and a new, modified program) and an input that fails on the modified program, our approach uses concrete as well as symbolic execution to synthesize new inputs that differ marginally from the failing input in their control flow behavior. A comparison of the execution traces of the failing input and the new inputs provides critical clues to the root-cause of the failure. We also introduce the underlying binary analysis platform, BitBlaze, and its other applications in debugging and system security.