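Seminar

2023.03.07 (Tue) Graduate School of Information Security Spring 2023 Colloquium - Mathias Payer
Posted: 2023-02-27

The Graduate School of Information Security will hold a colloquium at 4 PM on March 7, as detailed below. We hope many of you will attend.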


o Date/Time: 23. 03. 07 (Tue) 16:00~
o Topic: Tales of Program Crashes and Vulnerabilities
o Speaker: Mathias Payer (EPFL, Professor)
o Venue: Online (ZOOM)

※ Please be ready 5 minutes before the seminar starts.

ㅡㅡㅡ

♣ Title: Tales of Program Crashes and Vulnerabilities

♣ Abstract
All software has bugs and some of these bugs can be exploited by an
adversary to gain unintended access to private data and computation.
We study vulnerabilities along three dimensions. First, developing
techniques to quickly discover vulnerabilities allows developers to
fix bugs before code is being deployed to users. Here we embrace
incompleteness to scale to the massive size of current software.
Second, creating mitigations makes exploitation of any remaining
bugs harder, increasing the cost for adversaries. Third, researching
novel compartmentalization mechanisms breaks large monolithic
software into smaller fault domains to further limit adversaries.

This talk gives an overview of the software security landscape in
general, and our three research dimensions in particular. We highlight
why each area is important and how it relies on the others. The
overarching goal is to increase security guarantees of software systems
by fixing bugs early, prohibiting adversaries from exploiting remaining
bugs, and restricting the power they get through any component.
 

♣ Bio
Mathias Payer is a security researcher and associate professor at EPFL,
leading the HexHive group. His research focuses on protecting
applications in the presence of vulnerabilities, with a focus on memory
corruption and type violations. He is interested in software security,
system security, binary exploitation, effective mitigations, fault
isolation/privilege separation, strong sanitization, and software
testing (fuzzing) using a combination of binary analysis and
compiler-based techniques. He was awarded both the ERC Starting Grant
and the SNSF Eccellenza to foster research in software security (each of
which is comparable to the NSF CAREER).