Toward Automatically Evaluating Security Risks and Providing Cyber Threat Intelligence

Thu, Mar 4, 2021, 4:30 pm to 5:30 pm
Location: 
Speaker(s): 
Sponsor(s): 
Electrical and Computer Engineering

Please register here to attend the seminar

Talk recording

Abstract:

Program security analysis has been studied for decades. Various techniques, such as fuzzing, taint analysis, symbolic execution, have demonstrated their successes in vulnerability assessment. Today, the availability of a large amount of program semantic data (e.g., manuals, developer documentation, related web content), and the advance of artificial intelligence technologies make it increasingly feasible to simulate human intelligence in understanding program semantics to discover software vulnerability automatically. In this talk, I will discuss my research toward in-depth and systematic semantic supports for automatic vulnerability assessment. Particularly, I will focus on two systems — Advance and Dilution — which automatically analyzes the developer’s guide to infer potential security flaws and API misuse, respectively.

Bio:

Xiaojing Liao is an Assistant Professor in the Department of Computer Science at Indiana University Bloomington. Her research interests include data-driven security and privacy, with specific focuses on system security, cybercrime, as well as cyber-physical systems security and privacy. She has published papers on leading system security venues such as S&P (Oakland), Usenix Security, CCS, and NDSS. She is the recipient of the ACM SIGSAC Dissertations Award and NDSS Distinguish Paper Award.