Agenda

10 Oct 2017 10:30

Automated Vulnerability Analysis for Modern Application Software

Campus Scientifico via Torino - ALFA building, Orio-Zanetto Conference Room

Giancarlo Pellegrino, CISPA

Abstract:
The complexity and pervasiveness of application software are growing rapidly. Nowadays, application software encompasses multiple devices, e.g., mobile and IoT, and web services to perform operations ranging from online shopping and managing household appliances to controlling manufacturing processes. Like any other program, application software has vulnerabilities that, when exploited, can be used for financial fraud, stealing confidential data, and industrial espionage. Unfortunately, existing automated vulnerability analysis techniques are inadequate to tackle the complexity reached by these programs, thus leaving them exposed to attackers. My main research topic intends to stop this emerging trend and lay the foundation for the next-generation automated vulnerability analysis techniques.
This talk focuses on the detection power and attack surface coverage challenges and presents two recent advances in the field. The first part of the talk presents Deemon, a tool that combines dynamic analysis and property graphs to mine Cross-Site Request Forgery, a long-neglected severe vulnerability. The second part of the talk presents jAEk, a new generation web application crawler that uses JavaScript dynamic analysis to increase the covered attack surface of web applications by 80%.

Bio Sketch:
Giancarlo Pellegrino is currently a research group leader at CISPA. His main research interests include all aspects of application security, especially web security and automated vulnerability analysis. He has been selected for the CISPA-Stanford Center for Cybersecurity, and he will soon be appointed as a visiting assistant professor at Stanford University. Prior to that, Giancarlo was a postdoctoral researcher at CISPA and TU Darmstadt, Germany. During his doctoral studies, Giancarlo was a member of the S3 group at EURECOM, in France, under the supervision of Prof. Davide Balzarotti. Until August 2013, he was a research associate in the “Security and Trust” research group at SAP SE.

Language

The event will be held in Italian

Organizer

ACADIA Research Centre
