Yale University.  
Computer Science.  
     
Computer Science
Main Page
Academics
Graduate Program
Undergraduate Program
Course Information
Course Web Pages
Research
Our Research
Research Areas
Technical Reports
People
Faculty
Graduate Students
Research and Technical Staff
Administrative Staff
Alumni
Degree Recipients
Resources
Calendars
Computing Facilities
CS Talks Mailing List
Yale Computer Science FAQ
Yale Workstation Support
Computing Lab
AfterCollege Job Resource
Department Information
Contact Us
History
Life in the Department
Life About Town
Directions
Job Openings
Faculty Positions
Useful Links
City of New Haven
Yale Applied Mathematics
Yale C2: Creative Consilience of
Computing and the Arts
Yale Faculty of Engineering
Yale GSAS Staff Directory
Yale University Home Page
Google Search
Yale Info Phonebook
Internal
Internal 		 

CS Talk
April 12, 2012
10:30 a.m., AKW 200

Speaker: Stephen McCamant
Title: Securing Software at the Binary Level

Abstract: Analyzing software at the binary (machine code) level can improve accuracy and provide language-independence, but a lack of source-level structure also makes analysis more challenging. Binary code analysis is especially needed in the security context, since neither malware nor vulnerable commercial software typically comes with source code.

In this talk I'll describe three application areas in which program analysis techniques can make our software systems more secure, and in which the binary-level perspective is fruitful. First I'll show how to transform programs at the instruction level to enforce a security (module isolation) policy, such as for a web-browser plugin. Second, I'll tell how to measure a program's adherence to a quantitative information-flow policy to avoid revealing too much private information. Third, I'll use symbolic execution to generate test cases that reveal incorrect behavior in CPU emulators. I'll also discuss what I see as some of the most interesting directions for future applications of binary analysis to security, including better recovery of structural information.

Bio: Stephen McCamant is a project (research) scientist at the University of California, Berkeley, where he works primarily with the BitBlaze group. His core research focus is the application of program analysis techniques for software security and correctness. He is especially interested in binary code analysis and transformation, hybrid dynamic/static techniques and symbolic execution, information flow/taint analysis, and applications of decision procedures. He received his Ph.D from the Massachusetts Institute of Technology in 2008, with a dissertation on "Quantitative Information-Flow Tracking for Real Systems"; other projects at MIT included predicting incompatible software upgrades (an ACM SIGSOFT Distinguished Paper), and software-based fault isolation (a USENIX Security Best Paper). Earlier he received the M.S. and B.A. from MIT and UC Berkeley respectively.