Campus Event Calendar

Event Entry

What and Who

Automatic Vulnerability Discovery at Scale

Marcel Böhme
Monash University, Australia
CIS@MPG Colloquium

Marcel Böhme is a 2019 ARC DECRA Fellow and Senior Lecturer (A/Prof) at Monash University, Australia. He completed his PhD at the National University of Singapore, advised by Prof. Abhik Roychoudhury, in 2014. This was followed by a postdoctoral stint at the CISPA-Helmholtz Zentrum Saarbrücken with Prof. Andreas Zeller and a role as senior research fellow at the TSUNAMi Security Research Centre in Singapore. Marcel leads his group with a reproducibility policy (https://mboehme.github.io/manifesto), such that all tools and data are made available as open source, and in some cases have been upstreamed for integration into popular fuzzers, such as AFL and LibFuzzer. His fuzzers discovered 100+ bugs in widely-used software systems, more than 60 of which are security-critical vulnerabilities registered as CVEs at the US National Vulnerability Database. His most recent fuzzer, Entropic, powers the two largest continuous fuzzing platforms at Google and Microsoft.
SWS  
AG Audience
English

Date, Time and Location

Tuesday, 9 March 2021
10:00
60 Minutes
Virtual talk
Saarbrücken

Abstract

To establish software security at scale, we need efficient automated vulnerability discovery techniques that can run on thousands of machines. In this talk, we will discuss the abundant opportunities and fundamental limitations of fuzzing, one of the most successful vulnerability discovery techniques. We will explore why only an exponential number of machines will allow us to discover software bugs at a linear rate. We will discuss the kind of correctness guarantees that we can expect from automatic vulnerability discovery, anywhere from formally proving the absence of bugs to statistical claims about program correctness. We shall touch upon unexpected connections to ecological biostatistics and information theory which allow us to address long-standing scientific and practical problems in automatic software testing. Finally, we will take a forward-looking view and discuss our larger vision for the field of software security.

--

Please contact MPI-SWS Office for Zoom link information

Contact

Danielle Dalton
+49 681 9303 9106

Danielle Dalton, 02/10/2021 14:36 -- Created document.