CS Colloquium: Christophe Hauser (USC / ISI) - Binary program analysis for systems security: a journey of post-design security challenges
Tue, Feb 21, 2023 @ 11:00 AM - 12:00 PM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Speaker: Christophe Hauser, USC / ISI
Talk Title: Binary program analysis for systems security: a journey of post-design security challenges
Series: CS Colloquium
Abstract: Modern software stacks are complex and rapidly expanding. This continuous trend keeps raising new challenges for software security: the discrepancy between the number of trained human experts available and the growing scale of modern software makes traditional analysis techniques unfit to address security problems in a timely fashion in real-world settings. Existing solutions towards solving this conundrum are staggered across multiple stages in the software development process. While design-time approaches involving formal methods and proofs of correctness have received academic attention and demonstrated success in safety-critical domains such as aerospace, the current state-of-practice in most of the software industry relies on informal and reactive security techniques which often require manual analysis.
My work focuses on addressing the unique challenges of post-development security through principled approaches leveraging formal methods, reverse engineering and machine learning to detect, patch and prevent vulnerabilities across the software stacks. However, security properties are difficult to guarantee in the context of modern, real-world computer architectures and software engineering practices, and this difficulty is further exacerbated when source code, specification or design-level information is unavailable. Unfortunately, this context is very common when it comes to evaluating the security of third-party software, whether it is released in the form of applications, libraries or embedded firmware.
In this talk, I will present my research to date towards addressing these challenges by focusing on leveraging theoretically sound models while attempting to identify the best soundness trade-offs to make these practical and prioritize real-world impact.
More specifically, I will present applications of these models to the problems of vulnerability discovery in a post-development context, retrofitting security in binary code and on extending the scalability of vulnerability models with machine learning.
This lecture satisfies requirements for CSCI 591: Research Colloquium
Biography: Dr. Christophe Hauser is Research Computer Scientist and Research Lead at University of California\'s Information Sciences Institute, where he founded and co-leads the BASS (Binary Analysis and Systems Security) research group (https://urldefense.com/v3/__https://bass.isi.edu__;!!LIr3w8kk_Xxm!qKWHZjoxvzMpC-rGATAiOW1m9nqIFHGeItsBB8n2hqiYHcQ5pqEcPeMyuQgGrc1gg5tvklVajL8hTQ$ ).
His research focuses on multiple aspects of systems security including intrusion detection, vulnerability discovery, binary program analysis and reverse engineering. He has been publishing high-impact papers in top security conferences such as USENIX Security, the Annual Computer Security Applications Conference (ACSAC), USENIX Security, the Network and Distributed System Security (NDSS) Symposium and the IEEE symposium on Security and Privacy (S&P). He also has been actively serving as technical committee member for top security conferences, including as the ACM Conference on Computer and Communications Security (CCS), USENIX Security and ACSAC, and was part of the organizing committee of CCS 2022.
Prior to joining USC-ISI, he was a postdoctoral researcher in the Seclab at UC Santa Barbara where he worked on the design and development of the \"angr\" program analysis platform, which is now vastly used across academia and industry.
He received his Ph.D. degree in Computer Science from CentraleSupÃ©lec, University of Paris-Saclay, France, (jointly with Queensland university of technology, Australia).
Host: Department of Computer Science
Location: Olin Hall of Engineering (OHE) - 132
Audiences: Everyone Is Invited
Contact: Assistant to CS chair