Dates
Wednesday, October 12, 2016 - 01:00pm to Wednesday, October 12, 2016 - 02:00pm
Location
Room 120, New Computer Science Building, Stony Brook University
Event Description

Venkat Venkatakrishnan is visiting Stony Brook next week and will present, "Automated Vulnerability Analysis and Exploit Generation for Web Applications".

Abstract:
With the rapid increase  in  the number of web-based cyber attacks, vulnerability analysis of web applications is an area of growing importance, as it involves proactive identification of a system's weak points before an adversary can exploit them.  In this talk, I will present  recent  results that identify input validation vulnerabilities as well as well as application
logic vulnerabilities in web applications. The main challenge is to identify vulnerabilities in existing (legacy) code, where  the only  available documentation of an application's behavior is its source code. We present specification inference techniques that elicit an application's intended behavior directly from code, for use in vulnerability detection. We also discuss how we can use  recent advances in constraint solving to  generate exploits from the identified vulnerabilities.  Finally, we discuss how our exploit generation capabilities could be turned into  offensive technologies in the ongoing battle against cyber-crime.

Bio:
Venkat Venkatakrishnan's (http://www.cs.uic.edu/~venkat) broad research interests are in computer security and privacy.  He is particularly interested in the security of software systems, in vulnerability analysis and automated approaches to preventing large-scale attacks on computer systems.   He is currently a full  professor of Computer Science at the University of Illinois at Chicago (UIC).   He received  the National Science Foundation CAREER award in 2009 and has received several best paper awards including the 2010 NYU-AT&T Best Applied Cybersecurity Paper Award. His research  (over 13 million in funding as PI/Co-PI) is supported by NSF, DARPA, AFOSR, and DHS. For his contributions to computer security education in the classroom at UIC, he was awarded the 2015 UIC Award for Excellence in Teaching, the highest university level teaching award. He received  his Ph.D.  degree in computer science from Stony Brook University in 2004.

Event Title
Faculty Colloq & CSE 600: Automated Vulnerability Analysis and Exploit Generation for Web Applications