Vulnerability discovery in binaries and protocols
- Prof. Sven Dietrich, the Computer Science Department, Hunter College, the City University of New York (CUNY)
B5 L5 R5209
Vulnerability discovery can be challenging: many software packages, both open and closed-source projects, build on existing code from public software repositories to network drives, derived from earlier versions or related software packages. Even implemented protocols rely on such repositories. It is important to detect such copies of code when the original code contains a software vulnerability, especially one that is exploitable, as seen with flaws such as the bash vulnerability Shellshock or the SSL vulnerability Heartbleed.
Overview
Abstract
Vulnerability discovery can be challenging: many software packages, both open and closed-source projects, build on existing code from public software repositories to network drives, derived from earlier versions or related software packages. Even implemented protocols rely on such repositories. It is important to detect such copies of code when the original code contains a software vulnerability, especially one that is exploitable, as seen with flaws such as the bash vulnerability Shellshock or the SSL vulnerability Heartbleed. Finding and eradicating those software (or even protocol) flaws becomes a daunting task: how to find them precisely, how to find their variants, and how to find them quickly over millions of lines of code across projects when dealing with source code, or even in a binary form such as application executables or components of an operating system. We present some techniques that can detect such code clones using both source code and binary code cloning approaches.
Brief Biography
Sven Dietrich is a Professor in the Computer Science Department at Hunter College at the City University of New York (CUNY), where he started in August 2020. He is the Director of the Computer and Network Security Lab in the Computer Science Department at CUNY Hunter. He has also been affiliated with the PhD program in Computer Science at the CUNY Graduate Center since 2015. Prior to joining CUNY Hunter, Dr. Dietrich was an Associate Professor in the Mathematics and Computer Science Department at CUNY John Jay College of Criminal Justice, an Assistant Professor in Computer Science at Stevens Institute of Technology, a Senior Member of the Technical Staff at Carnegie Mellon University Software Engineering Institute and CERT Research, and a Senior Security Architect at the NASA Goddard Space Flight Center.
Dietrich’s work has focused on network security, especially on the analysis of distributed denial-of-service attacks, botnets, and the mitigation of such attacks, formal verification of security protocols, applied cryptography, software security, malware, and the ethics of computer security research. He has supported various security conferences as Program Chair (most recently IEEE CS SADFE 2020), General Chair (SACMAT 2022), Steering Committee member (Financial Cryptography and Data Security/FC, German Informatics Society Detection of Intrusions Malware and Vulnerability Assessment/DIMVA), and Program Committee member. He has served on the IEEE Computer Society Board of Governors, and also as the Technical Activities Chair there, managing around 30 Technical Committees and Councils.
Dietrich has a Doctor of Arts in Mathematics, a MS in Mathematics, and a BS in Computer Science and Mathematics from Adelphi University.