Toward Automatically Evaluating Security Risks and Providing Cyber Threat Intelligence
Abstract:
Program security analysis has been studied for decades. Various techniques, such as fuzzing, taint analysis, and symbolic execution, have demonstrated their successes in vulnerability assessment. Today, the availability of a large amount of program semantic data (e.g., manuals, developer documentation, related web content) and the advance of artificial intelligence technologies make it increasingly feasible to simulate human intelligence in understanding program semantics to discover software vulnerabilities automatically. In this talk, I will discuss my research toward in-depth and systematic semantic support for automatic vulnerability assessment and privacy compliance checking. In particular, I will focus on two systems — Advance and Dilution — which automatically analyze the developer’s guide to infer potential security flaws and API misuse, respectively.
About the Speaker:
Xiaojing Liao is an Assistant Professor in the Department of Computer Science and Grant Thornton Scholar at Indiana University Bloomington. Her research interests include data-driven security and privacy, with specific focuses on system security, cybercrime, and cyber-physical systems security and privacy. She has published papers at leading system security venues such as S&P (Oakland), USENIX Security, CCS, and NDSS. She is the recipient of the ACM SIGSAC Dissertations Award Runner-up, NDSS Distinguished Paper Award, and CCS Best Paper Award Runner-up.