Principled and Practical Approaches to Secure Open-Source Systems and Beyond
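Speaker: Prof. Kangjie Lu
Position: Associate Professor, University of Minnesota-Twin Cities
Time: Tuesday, July 25, 2023, 11:00 AM-12:00 PM
Location: Room A6007, Interdisciplinary Building No. 2, Jiangwan Campus
Contact: Zhang Mi (张谧)
Abstract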
Open-source programs are everywhere and have become the backbone of today’s cyber world. Among them, system programs such as operating-system kernels and firmware are arguably the most critical ones, and their security may affect billions of devices and users. Modern systems have become extremely complex, often containing millions of lines of code written in unsafe programming languages. As a result, they are unfortunately insecure, and a single security bug (vulnerability) may compromise the whole system and even a large portion of the network. In this talk, I will discuss how to secure open-source systems with principled and practical approaches. I will first introduce three important properties of secure open-source systems: understandability, assurability, and sustainability. Correspondingly, I will then discuss how to achieve these properties with an overarching, three-pronged approach: program understanding and reasoning, secure-by-design defense, and sustainable security protection. In addition, I will introduce our scalable and precise large-system analysis framework that can enable various security applications.
About the Speaker
Dr. Kangjie Lu is an associate professor in the Computer Science & Engineering Department of the University of Minnesota-Twin Cities. His research interests include security and privacy, software engineering, operating systems, and security ethics. He is particularly interested in developing both principled approaches that address fundamental security problems and practical techniques that secure real-world systems. His research also frequently intersects with other fields such as machine learning and NLP, programming languages, compilers, architecture, and formal methods. His research results are regularly published at top-tier venues and have led to many important security updates in widely used software systems such as the Linux kernel, the Android OS, the FreeBSD kernel, Apple’s iOS, OpenSSL, PHP, etc. He is a recipient of the NSF CAREER award 2021 and won the best paper award at ACM CCS 2019 and a distinguished paper award at ACSAC 2022. He received his Ph.D. in Computer Science from the Georgia Institute of Technology in 2017.
(Reposted from the Fudan Baize Team (复旦白泽战队) official account)