Oct. 12 - Faculty Colloq: Automated Vulnerability Analysis and Exploit Generation for Web Applications

 

Venkat Venkatakrishnan is visiting Stony Brook next week and will present "Automated Vulnerability Analysis and Exploit Generation for Web Applications". The talk takes place at 1 p.m. in Room 120 of the New Computer Science building.

Abstract:
With the rapid increase in the number of web-based cyber attacks, vulnerability analysis of web applications is an area of growing importance, as it involves proactive identification of a system's weak points before an adversary can exploit them. In this talk, I will present recent results that identify input validation vulnerabilities as well as application logic vulnerabilities in web applications. The main challenge is to identify vulnerabilities in existing (legacy) code, where the only available documentation of an application's behavior is its source code. We present specification inference techniques that elicit an application's intended behavior directly from code, for use in vulnerability detection. We also discuss how we can use recent advances in constraint solving to generate exploits from the identified vulnerabilities. Finally, we discuss how our exploit generation capabilities could be turned into offensive technologies in the ongoing battle against cyber-crime.

Bio:
Venkat Venkatakrishnan's broad research interests are in computer security and privacy. He is particularly interested in the security of software systems, in vulnerability analysis and automated approaches to preventing large-scale attacks on computer systems. He is currently a full professor of Computer Science at the University of Illinois at Chicago (UIC). He received the National Science Foundation CAREER award in 2009 and has received several best paper awards, including the 2010 NYU-AT&T Best Applied Cybersecurity Paper Award. His research (over 13 million in funding as PI/Co-PI) is supported by NSF, DARPA, AFOSR, and DHS. For his contributions to computer security education in the classroom at UIC, he was awarded the 2015 UIC Award for Excellence in Teaching, the highest university-level teaching award. He received his Ph.D. degree in computer science from Stony Brook University in 2004.