Static Analysis in Security: New Opportunities and Techniques
演讲者:Prof. Zhiyun Qian
职 位:The Everett and Imogene Ross Professor at the Department of Computer Science and Engineering, UC Riverside
时 间:2024年7月3日(周三)上午10:00-12:00
地 点:江湾校区二号交叉学科楼E1021
联系人:张源, yuanxzhang@fudan.edu.cn
演讲简介
In the rapidly evolving field of software security, static analysis serves as a cornerstone technique, offering a range of applications such as vulnerability discovery and program hardening. Unfortunately, they suffer from fundamental challenges such as tradeoffs between soundness, precision, and scalability. This talk introduces innovative approaches that significantly enhance the efficacy of static analysis.
First, we explore how Large Language Models (LLMs) can be integrated into static analysis workflows to refine and elevate the analysis process. By leveraging LLMs in a selective and targeted fashion, we aim to enhance the accuracy and contextual understanding of static analysis tools, particularly in complex codebases where traditional methods fall short.
Secondly, the talk will delve into a pioneering hybrid pointer analysis technique that seamlessly unifies data-flow-based and type-based analysis. This novel approach not only consolidates the strengths of both methods but also addresses their individual limitations, leading to a more comprehensive and efficient analysis. This hybrid model promises to scale to large-scale programs such as the Linux kernel and retains significant precision.
关于讲者
Zhiyun Qian is the Everett and Imogene Ross Professor at the Department of Computer Science and Engineering, UC Riverside. He has a broad interest in system/network security, with the general theme of vulnerability discovery and analysis, system building, and exploitation techniques. He has published over 100 papers on security: most are in top-tier venues, including a few award-winning papers such as a distinguished paper award in ACM CCS. His work has led to real-world impact with several dozens of CVEs and bug bounties, as well as tech transfer and commercialization. Outside of academia, much of his work has been featured in Black Hat, Can-SecWest, Off-By-One, Phrack magazine, Linux Kernel Security Summit, and Qualcomm SecuritySummit. He is also a Pwn20wn and GeekPwn winner.
排版:边顾
审核:张琬琪、洪赓
复旦白泽战队
一个有情怀的安全团队
还没有关注复旦白泽战队?
公众号、知乎、微博搜索:复旦白泽战队也能找到我们哦~