The Bug The Better: Mining Bugs in Complex Programs
Speaker: Prof. Flavio Toffalini
December 19th, 2024 | 4.15 pm
Politecnico di Milano - 2.1.1 Room (Bld. 2 - Bruno Finzi)
Piazza Leonardo da Vinci, 32 Milano
Contact: Prof. Stefano Zanero
Abstract
On December 19th, 2024 at 4.15 pm the seminar titled "The Bug The Better: Mining Bugs in Complex Programs" will take place at Politecnico di Milano, 2.1.1 Room (Building 2).
Adversaries continuously exploit vulnerabilities to compromise systems, such as crafting malicious JavaScript programs to hijack Web browsers and obtain remote execution.
The most effective strategy for preventing such exploitation, and enhancing system security, is identifying and patching bugs. However, discovering vulnerabilities in modern systems requires facing scalability issues, and dealing with emerging attack surfaces.
This presentation will explore cutting-edge advancements in automated software testing, focusing on techniques to maximize the detection of security-critical bugs. Additionally, we will examine new challenges, such as errors injected by compilers into secure code, logic errors in Java programs, and erroneous code optimization in JavaScript engines.
Short Bio
Flavio Toffalini is an assistant professor at Ruhr-Universität Bochum (RUB) and chair for Automated Security Analysis. He works on system security in the context of trusted applications, automatic software testing, and exploit mitigation. Specifically, he designs novel testing techniques and studies threats for SGX and TEE technologies. His background ranges from software engineering to mitigation and bug finding. He also serves on the program committee for conferences such as NDSS, Usenix SEC, DIMVA, and ISSTA.