Faculty Colloq & CSE 600: Automated Vulnerability Analysis and Exploit Generation for Web Applications

Wednesday, October 12, 2016 - 13:00 to 14:00
Room 120, New Computer Science Building, Stony Brook University

Venkat Venkatakrishnan is visiting Stony Brook next week and will present, "Automated Vulnerability Analysis and Exploit Generation for Web Applications".

With the rapid increase in the number of web-based cyber attacks, vulnerability analysis of web applications is an area of growing importance, as it involves proactive identification of a system's weak points before an adversary can exploit them. In this talk, I will present recent results that identify input validation vulnerabilities as well as application logic vulnerabilities in web applications. The main challenge is to identify vulnerabilities in existing (legacy) code, where the only available documentation of an application's behavior is its source code. We present specification inference techniques that elicit an application's intended behavior directly from code, for use in vulnerability detection. We also discuss how we can use recent advances in constraint solving to generate exploits from the identified vulnerabilities. Finally, we discuss how our exploit generation capabilities could be turned into offensive technologies in the ongoing battle against cyber-crime.

Venkat Venkatakrishnan's (http://www.cs.uic.edu/~venkat) broad research interests are in computer security and privacy. He is particularly interested in the security of software systems, in vulnerability analysis and automated approaches to preventing large-scale attacks on computer systems. He is currently a full professor of Computer Science at the University of Illinois at Chicago (UIC). He received the National Science Foundation CAREER award in 2009 and has received several best paper awards including the 2010 NYU-AT&T Best Applied Cybersecurity Paper Award. His research (over 13 million in funding as PI/Co-PI) is supported by NSF, DARPA, AFOSR, and DHS. For his contributions to computer security education in the classroom at UIC, he was awarded the 2015 UIC Award for Excellence in Teaching, the highest university level teaching award. He received his Ph.D. degree in computer science from Stony Brook University in 2004.
