• Login
    View Item 
    •   SMARTech Home
    • Institute for Information Security & Privacy (IISP)
    • Institute for Information Security & Privacy Cybersecurity Lecture Series
    • View Item
    •   SMARTech Home
    • Institute for Information Security & Privacy (IISP)
    • Institute for Information Security & Privacy Cybersecurity Lecture Series
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Protecting Computer Systems through Eliminating Vulnerabilities

    Thumbnail
    View/Open
    lee.mp4 (300.0Mb)
    lee_videostream.html (985bytes)
    Transcription.txt (31.93Kb)
    Date
    2016-01-29
    Author
    Lee, Byoungyoung
    Metadata
    Show full item record
    Abstract
    Many system components and network applications are written in unsafe programming languages that are prone to memory corruption vulnerabilities. To combat countless catastrophes from these vulnerabilities, there have been many defense research efforts. However, these were largely limited because their techniques focused on certain negative side effects from those vulnerabilities. As a result, there have been many unfortunate cases when security holes in these mitigation solutions are later uncovered, and significantly thwart the security of underlying systems. In this talk, I'll present a protection system which completely eliminates the root cause of those vulnerabilities. Specifically, I have targeted two popular and emerging vulnerabilities, use-after-free and bad-casting, each of which can be addressed with protection systems that I developed as a student at Georgia Tech: DangNull and caver, respectively. Since DangNull and caver directly fix the origin of such issues, they do not leave any security holes that attackers could abuse in the future. DangNull and caver have been recognized by both academia and industry for their highly practical impacts: Facebook and USENIX awarded the Internet Defense Prize, and CSAW awarded the "best applied security research paper." Meanwhile, Google and Mozilla deployed DangNull and Caver, respectively, in their development infrastructures.
    URI
    http://hdl.handle.net/1853/54538
    Collections
    • Institute for Information Security & Privacy Cybersecurity Lecture Series [118]

    Browse

    All of SMARTechCommunities & CollectionsDatesAuthorsTitlesSubjectsTypesThis CollectionDatesAuthorsTitlesSubjectsTypes

    My SMARTech

    Login

    Statistics

    View Usage StatisticsView Google Analytics Statistics
    • About
    • Terms of Use
    • Contact Us
    • Emergency Information
    • Legal & Privacy Information
    • Accessibility
    • Accountability
    • Accreditation
    • Employment
    • Login
    Georgia Tech

    © Georgia Institute of Technology

    • About
    • Terms of Use
    • Contact Us
    • Emergency Information
    • Legal & Privacy Information
    • Accessibility
    • Accountability
    • Accreditation
    • Employment
    • Login
    Georgia Tech

    © Georgia Institute of Technology