*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
For more information, please contact Calton Pu at calton@cc.gatech.edu or 404-385-1106.
Summary Sentence: How Compiler Optimizations Make Our Systems Vulnerable: Understanding and Mitigating a New Class of Security Bugs
Full Summary: No summary paragraph submitted.
Xi Wang, Massachusetts Institute of TechnologySPEAKER:
Xi Wang, Massachusetts Institute of Technology
TITLE:
How Compiler Optimizations Make Our Systems Vulnerable: Understanding and Mitigating a New Class of Security Bugs
ABSTRACT:
Software bugs introduce security vulnerabilities into our computer systems. To understand and mitigate an increasing number of bugs, practitioners categorize them into classes, such as buffer overflow or SQL injection, and handle each class separately.
This talk introduces a new class of bugs called unstable code: code that is unexpectedly discarded by compiler optimizations due to undefined behavior in the program. I will discuss its prevalence and security impact in systems, and present a systematic approach for reasoning about unstable code, as well as a static checker called Stack that implements this approach to precisely identify unstable code in real systems. Applying Stack to widely used software has uncovered 160 new bugs that have been confirmed and fixed by developers. It has also been adopted by several companies to scan their code bases.
BIO:
Xi Wang is a PhD candidate in Computer Science at MIT, advised by M. Frans Kaashoek and Nickolai Zeldovich. His research interests are in building secure and reliable systems. He was awarded a Best Paper Award at SOSP 2013, a Best Student Paper Award at EuroSys 2008, and an MIT Jacobs Presidential Fellowship in 2008.
