Program Analysis for Vulnerability Detection Cristian-Alexandru Staicu

News

18.01.2022

Tomorrow's seminar is canceled

Hey all,

Unfortunately, the speaker for tomorrow (Omar) is sick and thus, unable to give the talk. He will present his topic at the end of the semester instead, i.e., on 9th of February. Therefore, we will skip tomorrow's seminar session and meet next week when... Read more

Hey all,

Unfortunately, the speaker for tomorrow (Omar) is sick and thus, unable to give the talk. He will present his topic at the end of the semester instead, i.e., on 9th of February. Therefore, we will skip tomorrow's seminar session and meet next week when Hong-Thai will talk about crypto API misuses.

Best,

Cris

20.11.2021

Next week's seminar is canceled

Hey all,

Unfortunately, the speaker from next week (Mitul) faced an unforeseen emergency and he will not be able to give the talk on Wednesday, as planned. Hence, we will skip next week's seminar and he will present at the end of the semester, instead. Please... Read more

Hey all,

Unfortunately, the speaker from next week (Mitul) faced an unforeseen emergency and he will not be able to give the talk on Wednesday, as planned. Hence, we will skip next week's seminar and he will present at the end of the semester, instead. Please find the updated semester plan on the seminar's page. See you all on the 1st of December when Sukanya will present.

Best,

Cris

27.10.2021

Presentation slides and topics preference

Hey all,

I uploaded the slides for the kickoff presentation: you can find a link to them on the main page, or you can see them in the Information -> Materials section on CMS. I also uploaded the template for the report. Please do not forget to send me today the... Read more

Hey all,

I uploaded the slides for the kickoff presentation: you can find a link to them on the main page, or you can see them in the Information -> Materials section on CMS. I also uploaded the template for the report. Please do not forget to send me today the list of preferred topics.

Best,

Cris

27.10.2021

Kickff meeting now

The kickoff meeting is about to start. Please join us in the Zoom call.

26.10.2021

Kickoff meeting tomorrow

Dear all,

This is a reminder that the kickoff meeting will take place tomorrow at 10. I sent you all the Zoom link by email. 

See you tomorrow,

Cris

 

Description

For registration, please apply for this seminar through the central seminar assignment system.

Program analysis is a mature research area at the intersection of programming languages, formal methods, and software engineering. One of its main applications is automatic vulnerability detection. However, the complexity of modern systems is overwhelming and the vulnerabilities to be detected are increasingly sophisticated. To account for these particularities, many recent approaches advocate for lightweight program analysis techniques or hybrid methods, i.e., static and dynamic analysis. This seminar explores the trade-offs involved in designing a program analysis that scales to analyzing the security of real systems. In this seminar, we will discuss recent research papers in the area in a reading group format. Each week, one student will present papers covering a given topic, followed by a discussion. All participants are expected to actively participate in the discussion by asking questions.

Logistics

Instructor: Cristian-Alexandru Staicu,

Time: Wednesday, 10 am,

Location: Zoom (Disclaimer).

Semester Plan

  • 27th of October - kickoff meeting
  • 17th of November - Florian Romann, Fuzzing low-level programs,
  • 24th of November - Mitul Bipin, Availability vulnerabilities,
  • 1st of December - Sukanya Sengupta, Vulnerabilities in mobile apps,
  • 8th of December - Reza Zamiri, Vulnerabilities in software components and dependencies,
  • 15th of December - Florian Nawrath, Vulnerability prediction,
  • 5th of January - Davide Cecchini, Vulnerabilities in low-level programs,
  • 12th of January - Farah Shenawy, Automatic patching of vulnerabilities,
  • 19th of January - Omar Renawi, Vulnerabilities in web applications,
  • 26th of January - Hong-Thai Luu, Detect misuses of crypto APIs,
  • 2nd of February - Mitul Bipin, Availability vulnerabilities,
  • 9th of February - Omar Renawi, Vulnerabilities in web applications,
  • 24th of February - deadline for submitting the report.

Grading system

The final grade is an aggregate of the following parts, both presentation and final report are mandatory:

  • 40% the final report,
  • 40% the presentation,
  • 20% for being active in class,
  • bonus: up to 15% for the hands-on exercise. 

Supporting Materials

Please find below a set of useful materials for the seminar:

  • The kick-off presentation's slides contain useful information about the structure and goals of this seminar, but also some required background for the assigned papers.
  • Sample presentation 1 - you should aim for this much content when presenting each of the assigned papers (approx. 15 minutes). See the kick-off presentation for the recommended presentation's structure.
  • Sample presentation 2 - a slightly shorter presentation (approx. 10 minutes).
  • Consider using the following template for the report and its associated sources.
  • You can find a sample report from last year here.

Topics

  1. Vulnerabilities in web applications
  2. Vulnerabilities in software components and dependencies
  3. Vulnerabilities in mobile apps
  4. Detect misuses of crypto APIs
  5. Vulnerabilities in low-level programs
  6. Fuzzing low-level programs
  7. [not assigned] Fuzzing compilers and engines
  8. [not assigned] Machine learning-aided vulnerability detection
  9. Availability vulnerabilities
  10. Automatic patching of vulnerabilities
  11. [not assigned] Removing vulnerabilities through debloating
  12. Vulnerability prediction


Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators