The School of Informatics, Computing, and Engineering (SICE) CS Colloquium Series
Speaker: Luyi Xing, Amazon Web Services Security
Where: Luddy Hall, Rm. 1106
When: Tuesday, February 13, 2018, 3:00 pm
Topic: Unveiling Logic Flaws in Computer Systems: Analysis, Understanding and Discovery
Abstract: Computer vulnerabilities potentially compromise the confidentiality, integrity or availability of information assets and even cause financial losses. Different from traditional vulnerabilities which are often caused by implementation mistakes (such as buffer overflow), logic flaws is another category of vulnerabilities that are caused by logic or design mistakes. Logic flaws are considered challenging to detect automatically since they are unique to each specific logic process. This talk will introduce two new types of logic flaws that we discovered on Android, iOS and Mac OS, each causing breach of fundamental security guarantee that people certainly assume on a modern operating system. Motivated by manually discovering logic flaws at first, we reason about root causes of logic flaws based on which we design effective solutions to find logic flaws in automatic manners.
Biography: Luyi Xing is a Software Engineer of AWS Security, Amazon. He received his Ph.D. from Indiana University Bloomington in 2017. His research interests include protecting computer systems through discovering and solving new types of design and logic problems in commodity systems, including iOS, OS X, Android, AWS, etc, and high-profile applications on them. What he discovered and solved are typically fundamental design problems that have practical impacts. With the in-depth understanding of systems and why/how security problems can indeed happen, he invented solutions to find security problems and protect systems automatically. His works were published in top-tier security conferences including IEEE S&P, ACM CCS, NDSS etc. and were widely covered by media including Time, CNN, Forbes, Fox News, Yahoo, etc.