Retrofitting Security in Closed-source Binary Programs

Wednesday, April 25, 2018, 1:30 pm PDT
ISI - Marina del Rey: Conference Room 1135; ISI - Waltham: via BlueJeans; ISI - Arlington: via BlueJeans, Conference Room 207
Cybersecurity Seminar Talk
Dr. Christophe Hauser, Networking & Cybersecurity Division at ISI
Abstract:  In spite of the presence of increasingly sophisticated compiler-level verifications, testing frameworks and code audit tools, security bugs remain in the code of off-the-shelf software components. Unfortunately, software components presenting security risks may be developed and integrated in opaque, closed-source environments (e.g., as part of an embedded device’s proprietary firmware). The process of automatically evaluating the security of software programs in such environments involves multiple challenges in terms of accuracy and scalability. We investigate solutions to address these challenges at scale based on lightweight heuristic-driven static analysis and symbolic execution at the binary level. Our initial focus is on memory corruption vulnerabilities caused by unsafe input parsing implementations.

Speaker Bio: Christophe Hauser is a research computer scientist at USC Information Sciences Institute in Marina del Rey. His research interests span multiple areas of security, with a focus on binary program analysis, as well as OS and kernel security. Previously, he was a postdoctoral researcher at University of California, Santa Barbara, where he worked on building parts of the angr binary analysis framework. He received his Ph.D. in computer science from Supélec/University of Rennes (France) and Queensland University of Technology (Australia).


Dr. Christophe Hauser. Photo by Caitlin Dawson, USC/ISI.


Host:  Ms. Terry Benzel, Division Director - Networking & Cybersecurity (formerly Internet & Networked Systems)

