KAIST Graduate School of Information Security

[세미나] Practical Type and Memory Safety Violation Detection Mechanism - 전유석 교수 (UNIST)
작성일2021-05-25
다음주, 저희 정보보호대학원에서는 UNIST 전유석 교수님을 모시고 "Practical Type and Memory Safety Violation Detection Mechanism " 주제로 아래와 같이 세미나를 개최하고자 합니다. ※ 코로나19 확산방지를 위하여 원격수업으로(ZOOM) 진행할 예정입니다. ※ 발표 10분전에 소회의실 미팅으로 연사님과의 짧은 간담회 시간이 있습니다. 참여를 원하시는 분들은 줌의 참가기능을 이용하시면 됩니다. = 아 래 = o 일시 - 21.6.1(화) 16:00~ ※ 시작시간 5분전에 준비하여 주세요. URL: https://zoom.us/j/2902905410 접속 비밀번호: 이메일 별도 공지 ================================== Title: Practical Type and Memory Safety Violation Detection Mechanism Abstract System programming languages such as C and C＋＋ are designed to give the programmer full control over the underlying hardware. However, this freedom comes at the cost of type and memory safety violations, which may allow an attacker to compromise applications. In this talk, I will present our three approaches to address these type and memory safety violation issues. First, I will introduce HexType and V-Type, our advanced type safety violation detectors that provide light-weight metadata structures, compiler optimizations, and handle specific object allocation patterns. Our tools significantly improve detection coverage and reduce performance overhead. In addition, our tools discover new type confusion bugs in real-world programs such as Qt and Apache Xerces-C＋＋. Next, I will introduce FuZZan to optimize memory safety violation detectors for fuzzing. Consequently, FuZZan improves fuzzing throughput, and this helps the tester find even more bugs given the same amount of time. Bio Yuseok Jeon is an Assistant Professor in the Department of Computer Science at Ulsan National Institute of Science and Technology (UNIST). He received his Ph.D. in Computer Science from Purdue University in 2020. His research interest is solving software and systems security problems via programming analysis. He has about five years work experience in several areas, including some companies and research institutes, both in the US and in South Korea, such as National Security Research Institute (NSRI), Samsung Research, NEC Labs America, and Intel.

[세미나] Practical Type and Memory Safety Violation Detection Mechanism - 전유석 교수 (UNIST)

작성일2021-05-25

다음주, 저희 정보보호대학원에서는 UNIST 전유석 교수님을 모시고 "Practical Type and Memory Safety Violation Detection Mechanism " 주제로 아래와 같이 세미나를 개최하고자 합니다.

※ 코로나19 확산방지를 위하여 원격수업으로(ZOOM) 진행할 예정입니다.

※ 발표 10분전에 소회의실 미팅으로 연사님과의 짧은 간담회 시간이 있습니다.

참여를 원하시는 분들은 줌의 참가기능을 이용하시면 됩니다.

= 아 래 =

o 일시

- 21.6.1(화) 16:00~

※ 시작시간 5분전에 준비하여 주세요.

URL: https://zoom.us/j/2902905410

접속 비밀번호: 이메일 별도 공지

==================================

Title: Practical Type and Memory Safety Violation Detection Mechanism

Abstract

System programming languages such as C and C＋＋ are designed to give the programmer full control over the underlying hardware. However, this freedom comes at the cost of type and memory safety violations, which may allow an attacker to compromise applications. In this talk, I will present our three approaches to address these type and memory safety violation issues. First, I will introduce HexType and V-Type, our advanced type safety violation detectors that provide light-weight metadata structures, compiler optimizations, and handle specific object allocation patterns. Our tools significantly improve detection coverage and reduce performance overhead. In addition, our tools discover new type confusion bugs in real-world programs such as Qt and Apache Xerces-C＋＋. Next, I will introduce FuZZan to optimize memory safety violation detectors for fuzzing. Consequently, FuZZan improves fuzzing throughput, and this helps the tester find even more bugs given the same amount of time.

Bio

Yuseok Jeon is an Assistant Professor in the Department of Computer Science at Ulsan National Institute of Science and Technology (UNIST). He received his Ph.D. in

Computer Science from Purdue University in 2020. His research interest is solving software and systems security problems via programming analysis. He has about five years work experience in several areas, including some companies and research institutes, both in the US and in South Korea, such as National Security Research Institute (NSRI), Samsung Research, NEC Labs America, and Intel.

목록으로