BEGIN:VCALENDAR BEGIN:VEVENT SUMMARY:CS Colloquium: Christophe Hauser (USC / ISI) - Binary program analysis for systems security: a journey of post-design security challenges DESCRIPTION:Speaker: Christophe Hauser, USC / ISI Talk Title: Binary program analysis for systems security: a journey of post-design security challenges Series: CS Colloquium Abstract: Modern software stacks are complex and rapidly expanding. This continuous trend keeps raising new challenges for software security: the discrepancy between the number of trained human experts available and the growing scale of modern software makes traditional analysis techniques unfit to address security problems in a timely fashion in real-world settings. Existing solutions towards solving this conundrum are staggered across multiple stages in the software development process. While design-time approaches involving formal methods and proofs of correctness have received academic attention and demonstrated success in safety-critical domains such as aerospace, the current state-of-practice in most of the software industry relies on informal and reactive security techniques which often require manual analysis. \n My work focuses on addressing the unique challenges of post-development security through principled approaches leveraging formal methods, reverse engineering and machine learning to detect, patch and prevent vulnerabilities across the software stacks. However, security properties are difficult to guarantee in the context of modern, real-world computer architectures and software engineering practices, and this difficulty is further exacerbated when source code, specification or design-level information is unavailable. 
Unfortunately, this context is very common when it comes to evaluating the security of third-party software, whether it is released in the form of applications, libraries or embedded firmware.\n In this talk, I will present my research to date towards addressing these challenges by focusing on leveraging theoretically sound models while attempting to identify the best soundness trade-offs to make these practical and prioritize real-world impact.\n More specifically, I will present applications of these models to the problems of vulnerability discovery in a post-development context, retrofitting security in binary code and extending the scalability of vulnerability models with machine learning.\n \n \n \n This lecture satisfies requirements for CSCI 591: Research Colloquium Biography: Dr. Christophe Hauser is Research Computer Scientist and Research Lead at University of California's Information Sciences Institute, where he founded and co-leads the BASS (Binary Analysis and Systems Security) research group (https://bass.isi.edu).\n His research focuses on multiple aspects of systems security including intrusion detection, vulnerability discovery, binary program analysis and reverse engineering. He has been publishing high-impact papers in top security conferences such as USENIX Security, the Annual Computer Security Applications Conference (ACSAC), the Network and Distributed System Security (NDSS) Symposium and the IEEE Symposium on Security and Privacy (S&P). 
He has also been actively serving as technical committee member for top security conferences, including the ACM Conference on Computer and Communications Security (CCS), USENIX Security and ACSAC, and was part of the organizing committee of CCS 2022.\n Prior to joining USC-ISI, he was a postdoctoral researcher in the Seclab at UC Santa Barbara where he worked on the design and development of the "angr" program analysis platform, which is now widely used across academia and industry.\n He received his Ph.D. degree in Computer Science from CentraleSupélec, University of Paris-Saclay, France (jointly with Queensland University of Technology, Australia).\n Host: Department of Computer Science DTSTART:20230221T110000 LOCATION:OHE 132 URL;VALUE=URI: DTEND:20230221T120000 END:VEVENT END:VCALENDAR