PhD Proposal: Tools and Experiments for Software Security
The computer security problems we face begin in computer programs that we write.
The exploitation of vulnerabilities that leads to the theft of private information and other nefarious activities begins with a vulnerability accidentally created in a computer program by that programs author. What are the factors that lead to the creation of these vulnerabilities? Software development and programming is in part a synthetic activity that we can control with technology, i.e. different programming languages and software development tools. Does changing the technology used to program software help programmers write more secure code? Finally, can we create technology that will help programmers make fewer mistakes?
I propose new tools and techniques using programming language design and software assurance tools to help identify critical bugs in software programs, Informed by experiments conducted with the Build It Break It project. I propose analysis tools and automatic re-writers to transform C code into Checked C code, a superset of C that adds spatial memory safety at the type layer. I also propose new fuzzing approaches to automatically identify side channel vulnerabilities and the integration of static analyses into fuzzing to improve the efficacy of fuzzing in general and specifically help fuzzing identify vulnerabilities in server and cloud applications.
Chair: Dr. Michael Hicks
Dept rep: Dr. John Dickerson
Members: Dr. Jeffrey Foster
Dr. David Levin