

CSE Seminar or Event

Scaling Security Practices: Automated Approaches to Eliminate Security Vulnerabilities

Taesoo Kim


Assistant Professor
Georgia Tech
 
Thursday, April 05, 2018
10:30am - 11:30am
3725 Beyster


About the Event

Computer systems are highly vulnerable; every day, attackers discover new security vulnerabilities and exploit them to compromise target systems. This talk will present our approaches to automatically prevent software vulnerabilities from being exploited. In particular, this talk will describe in detail two classes of vulnerabilities: an emerging class, called "type confusion" (or "bad casting"), that is commonly seen in modern web browsers, and a new class that we discovered, called "uninitialized padding," which causes information leakage in the Linux kernel. This talk will explain what these vulnerabilities are, how attackers exploit them, why and how developers introduced them, and why it is non-trivial to avoid them in complex, real-world programs. Finally, our approaches to automatically eliminate them in practice will be demonstrated.

Biography

Taesoo Kim is a Catherine M. and James E. Allchin Early Career Assistant Professor in the School of Computer Science at the Georgia Institute of Technology (Georgia Tech). He also serves as the director of the Georgia Tech Systems Software and Security Center (GTS3). He is genuinely interested in building a system that prioritizes security principles first and foremost. Those principles include the total design of the system, analysis of its implementation, elimination of certain classes of vulnerabilities, and clear separation of its trusted components. His thesis work, in particular, focused on detecting and recovering from attacks on computer systems, known as "undo computing." He holds an S.M. (2011) and a Ph.D. (2014) from MIT.

Additional Information

Sponsor(s): CSE

Open to: Public