Series
Institute for Information Security & Privacy Cybersecurity Lecture Series
Institute for Information Security & Privacy Cybersecurity Lecture Series
Permanent Link
Series Type
Event Series
Description
Associated Organization(s)
Associated Organization(s)
2 results
Publication Search Results
Now showing
1 - 2 of 2
-
ItemFunction Equivalence with Symbolic Execution(Georgia Institute of Technology, 2021-04-16) Bittick, KennonSummarizing and comparing basic blocks or functions across different binaries or between binary and source code has many applications for program verification including verifying compilation, source or binary transformations, identifying patched code, and identifying library functions. This talk will present IRAD research on using static symbolic execution to prove source and binary function equivalence, with a focus on how breaking up functions or basic blocks into smaller, composable units can make the analysis tractable and bypass many common issues with symbolic execution.
-
ItemThe Scalability of Vulnerability Analysis(Georgia Institute of Technology, 2018-01-26) Bittick, KennonAnalyzing software for vulnerabilities is an important capability in ensuring the security of a computing system. As software has become more complex and ubiquitous, however, traditional vulnerability analysis techniques have failed to scale with the software. This talk will look through some of the history of vulnerability analysis, starting with manual analysis and simple fuzzing, and will move into modern intelligent fuzzing and symbolic execution. Trade-offs between analysis effectiveness and scalability will be discussed throughout, and the talk will conclude by looking at the potential future of hybrid human-computer vulnerability analysis.