Title:
Protecting Computer Systems through Eliminating Vulnerabilities
Author(s)
Lee, Byoungyoung
Abstract
Many system components and network applications are written in unsafe programming languages that are prone to memory corruption vulnerabilities. To combat countless catastrophes from these vulnerabilities, there have been many defense research efforts. However, these were largely limited because their techniques focused on certain negative side effects of those vulnerabilities. As a result, there have been many unfortunate cases where security holes in these mitigation solutions are later uncovered and significantly thwart the security of the underlying systems. In this talk, I'll present a protection system that completely eliminates the root cause of those vulnerabilities. Specifically, I have targeted two popular and emerging vulnerabilities, use-after-free and bad-casting, each of which can be addressed with protection systems that I developed as a student at Georgia Tech: DangNull and CaVer, respectively. Since DangNull and CaVer directly fix the origin of such issues, they do not leave any security holes that attackers could abuse in the future.

DangNull and CaVer have been recognized by both academia and industry for their highly practical impacts: Facebook and USENIX awarded the Internet Defense Prize, and CSAW awarded the "best applied security research paper." Meanwhile, Google and Mozilla deployed DangNull and CaVer, respectively, in their development infrastructures.
Sponsor
MailChimp
Date Issued
2016-01-29
Extent
43:29 minutes
Resource Type
Moving Image
Resource Subtype
Lecture