Bugs, Security Vulnerabilities and Program Analysis Techniques  

Location: homepage>Events
Bugs, Security Vulnerabilities and Program Analysis Techniques
( 2016-01-12 )


Speaker: Lian Li
Time: 2015-10-21 16:50
Place: Classroom 3C122, No.3 Teach Building, West Campus

Bugs are inevitable in software development; they have direct impact on software quality and may lead to serious security vulnerabilities. Program analysis tools are effective in detecting bugs in large software products: there are many widely-used tools available, including static code analysis tools such as Coverity, KlockWork, Fortify etc., and dynamic tools such as SAGE. In this talk, I will introduce 3 bug examples, and explain how they lead to serious security vulnerabilities. I will use the 3 examples to show how existing program analysis techniques can be applied to detect someof these bugs, highlight their limitations and discuss possible solutions.

Short Bio:
Lian Li joined the Institute of Computing Technology, Chinese Academy of Sciences (ICT, CAS) as a 100 talents professor in April, 2015. Before joined ICT, he was a principal member of technique staff at Oracle Labs, Australia. He got his bachelor from Tsinghua University in 1998 and his Phd from University of New South Wales in 2007. His current research is in the area of program analysis techniques, with a focus on how to apply program analysis techniques to ensure software reliability and security. He has published a number of papers in top conferences such as FSE, PACT, IEEE TC, TACO/TECS, and LCTES etc. As the key member, he developed the static code analysis tool Parfait, which is now transferred as an Oracle internal product and used as the daily development tools for more than 10,000 Oracle developers.