Software security -- theory and practice
ABSTRACT
Security issues can arise because of flaws in policies or in
implementations. In the realm of software security,
implementation flaws have been numerous, sometimes startling,
and often serious. Ideally, those flaws should be avoided by
design, or fixed. In practice, that can be hard and costly, so
we may have to tolerate some vulnerabilities (e.g., some buffer
overflows), and to develop appropriate architectures and models
for the resulting systems.
This talk is an introduction to software security, with an
emphasis on low-level attacks and defenses. It focuses on
systematic mitigations (specifically, techniques for layout
randomization and control-flow integrity) that aim to be
effective in the presence of buggy software and powerful
attackers. Although most of the talk will be informal, we will
also discuss some applications of programming-language theory in
this domain.
AUTHORS: Prof. Leon van der Torre
WHEN: Tuesday, Juny 21th, 2011, 11:00
WHERE: Sala Congressi Pier della Francesca
DATE-TAG:2011
- Individual Seminars (IS)