Toward Automatically Evaluating Security Risks and Providing Cyber Threat Intelligence

Mar. 9, 2021 | 12 pm EDT | LINK |

Xiaojing Liao,
Indiana University Bloomington

SCP Seminal Talk
Presented by the School of Cybersecurity and Privacy

Title: Toward Automatically Evaluating Security Risks and Providing Cyber Threat Intelligence

Abstract: Program security analysis has been studied for decades. Various techniques, such as fuzzing, taint analysis, symbolic execution, have demonstrated their successes in vulnerability assessment. Today, the
availability of a large amount of program semantic data (e.g., manuals, developer documentation, related web content), and the advance of artificial intelligence technologies make it increasingly feasible to simulate human intelligence in understanding program semantics to discover software vulnerability automatically. In this talk, I will discuss my research toward in-depth and systematic semantic supports for automatic vulnerability assessment. Particularly, I will focus on two systems — Advance and Dilution — which automatically analyzes the developer’s guide to infer potential security flaws and API misuse, respectively.

Bio: Xiaojing Liao is an Assistant Professor in the Department of Computer Science at Indiana University Bloomington. Her research interests include data-driven security and privacy, with specific focuses on system security, cybercrime, as well as cyber-physical systems security and privacy. She has published papers on leading system security venues such as S&P (Oakland), Usenix Security, CCS, and NDSS. She is the recipient of the ACM SIGSAC Dissertations Award and NDSS Distinguish Paper Award.