WHEN: January 9, 2018 10:50-11:55 a.m.

WHERE: KACB 1456

WHAT: Stelios Sidiroglou-Douskos Talk

TITLE: Automating Software Engineering  for Improved Security and Reliability

BIO: Stelios Sidiroglou-Douskos is a research scientist at the Computer Science and Artificial Intelligence Laboratory at MIT and CEO of AarnoLabs. His research focuses on developing automated programming systems that combine  program analysis and runtime systems to improve software reliability, security, and performance. Previously, he co-founded Locu, Inc. (acquired by GoDaddy). Stelios holds a Ph.D. from Columbia University.

ABSTRACT: Software is becoming increasingly complex and sophisticated as computing devices become more pervasive. At the same time, approaches for software development and maintenance have not evolved commensurately to this complexity, leading to brittle, insecure programs with errors ranging from runtime failures to large-scale security violations. As software continues to increase in complexity, it is necessary to fundamentally change the capabilities of development environments to prevent exponential increases in errors. 

In this talk, I will present three automated techniques that improve the reliability, security, and maintainability of software systems: DIODE, CodePhage, and CodeCarbonCopy.  DIODE is a new system for finding overflow bugs deep inside complex applications. DIODE is designed to identify relevant sanity checks that inputs must satisfy to trigger overflows at target memory allocation sites, then generate inputs that satisfy these sanity checks to successfully trigger the overflow. CodePhage is the first system for automatically patching overflow bugs by transferring correct security checking code from donor applications into recipient applications that process the same inputs to successfully eliminate errors in the recipient. CodeCarbonCopy extends  CodePhage by enabling the transfer of functions rather than security checks. It is the first system for automatically transferring source code from a donor application into a recipient application. Together, these systems form a synergistic interaction where bug discovery tools feed automatic patching (and code transfer) systems to ultimately produce more reliable systems.