Title: BitBlaze: Security via Binary Analysis &WebBlaze: New Techniques Tools for Web Security

Speaker：Dawn Song，Department of ElectricalEngineering Computer Science

at University of California,Berkeley

Time： June 28, 2010 14：00-15：30

Venue： East Main Building 10-101

Abstract:

The BitBlaze project focuses on building a unified binary program analysis platform using it to provide novel solutions to computer security problems. The binary analysis platform provides an extensible architecture a broad range of static analysis, dynamic analysis, program verification capabilities, all of which operate directly on compiled binaries. These capabilities enable BitBlaze to take a powerful, principled approach to security that focuses on identifying the underlying root causes of security vulnerabilities.

We have used BitBlaze to enable over a dozen security applications, including patch-based exploit generation, automatic generation of vulnerability signatures for defense, model extraction from web browsers for vulnerability discovery. This talk provides an overview of the BitBlaze project presents some recent results that use BitBlaze to solve a number of important security problems.

I will also briefly describe the WebBlaze project where we employ the experience learned from BitBlaze to develop techniques tools for vulnerability discovery defense on the web. In particular, WebBlaze‘s new technologies cover a broad range including new architectural solutions for defending against cross-site scripting attacks, tools for detecting defending against cross-origin JavaScript capability leaks which lead to universal cross-site scripting attacks, new approaches for secure browser extensions web advertisements. Some solutions proposed in WebBlaze have been deployed in Google Chrome. For more information, please see

http://bitblaze.cs.berkeley.eduhttp://webblaze.cs.berkeley.edu.

Bio:

Dawn Song is an Associate Professor in the department of Electrical Engineering Computer Science at University of California, Berkeley. She obtained her B.S. in Physics from Tsinghua University in China in 1996, her M.S. in Computer Science from Carnegie Mellon University in 1999, her Ph.D. in Computer Science from UC Berkeley in 2002. Prior to joining UC Berkeley, she was an Assistant Professor at Carnegie Mellon University from 2002 to 2007. Her research interest lies in security privacy issues in computer systems networks, including areas ranging from software security, networking security, database security, distributed systems security, to applied cryptography. She is the recipient of various awards including the NSF CAREER Award, the Alfred P. Sloan Research Fellowship Award, the Guggenheim Fellowship Award, the IBM Faculty Award, the George Tallman Ladd Research Award, the Okawa Foundation Research Award, the Li Ka Shing Foundation Women in Science Distinguished Lecture Series Award. She is also the author of multiple award papers in top security conferences, including the Best Paper Award at the USENIX Security Symposium the Highest Ranked Paper at the IEEE Symposium on Security Privacy. Recently she was awarded the MIT Technology Review TR-35 Award, recognizing her as one of the world‘s top innovators under the age of 35.