Automated Vulnerability Analysis and Exploit Generation for Web Applications
Venkat Venkatakrishnan, Department of Computer Science, University of Illinois, Chicago
With the rapid increase in the number of web-based cyber attacks, vulnerability analysis of web applications is an area of growing importance, as it involves proactive identification of a system's weak points before an adversary can exploit them. In this talk, I will present recent results that identify input validation vulnerabilities as well as application logic vulnerabilities in web applications. The main challenge is to identify vulnerabilities in existing (legacy) code, where the only available documentation of an application's behavior is its source code. We present specification inference techniques that elicit an application's intended behavior directly from code, and show how deviation from intended behavior could be used in vulnerability detection. We also discuss how we can use recent advances in constraint solving to automatically generate exploits from the identified vulnerabilities. Finally, we discuss how our exploit generation capabilities could serve as offensive technologies in the ongoing battle against cyber-crime.
Venkat Venkatakrishnan's broad research interests are in computer security and privacy. He is particularly interested in the security of software systems, in vulnerability analysis and automated approaches to preventing large-scale attacks on computer systems. He is currently Professor of Computer Science at the University of Illinois at Chicago (UIC). He received the National Science Foundation CAREER award in 2009 and has received three best paper awards including a 2009 NYU-AT&T Best Applied Cybersecurity Paper Award. His research (over 13 million in funding as PI/Co-PI) is supported by NSF, DARPA, AFOSR, and DHS. For his contributions to computer security education in the classroom at UIC, he was awarded the 2015 UIC Award for Excellence in Teaching, the highest university level teaching award. He received his Ph.D. degree in computer science from Stony Brook University in 2004.
200 University Avenue West
Waterloo, ON N2L 3G1