Xiaofeng Wang

Informatics and Computer Science, Indiana University at Bloomington

"Mitigating Program Authorization Failures with Automatic Program Analysis"

Thursday November 20, 2008 02:30 PM
Location: 3211, EBII NCSU Centennial Campus
Abstract: Program authorization failures happen when an application fails to enforce necessary security policies. This could come from security misconfigurations or faults in policy enforcement mechanisms. Effective mitigation of this threat relies on knowledge of an application's security policies, and the techniques for hardening a weak enforcement mechanism. In this talk, I present two new techniques: ConfigRE and LeapFrog. ConfigRE automatically analyzes an application's binary executable to acquire the specifications for security policy configurations. This enables an automatic extraction of security policies from an application, which is a foundation for misconfiguration detection. LeapFrog retrofits a binary executable with a dataflow control mechanism, without incurring a significant performance overhead.
Short Bio: XiaoFeng Wang is an assistant professor in the School of Informatics at Indiana University at Bloomington. He received his Ph.D. in Computer Engineering from Carnegie Mellon University in 2004. His research interests span all areas of computer and communication security. Particularly, he is carrying out active research on system and network security (including automatic program analysis, malware detection and containment, countermeasures to denial of service attacks), privacy-preserving techniques and their application to critical information systems (such as health information systems), and incentive engineering in information security. His publications regularly appear in the mainstream venues in system and network security. He also serves on various conference committees in the area.

Host: Xuxian Jiang, Computer Science

