Talk title: Dynamic Program Analyses and Their Applications
Date and time: Tuesday, June 28, 10:00
Venue: E202
Speaker: Xiangyu Zhang (张翔宇)
Speaker affiliation: Purdue University
Speaker bio: Xiangyu Zhang is an associate professor at Purdue University, and he will become a full professor in August. He received his PhD degree from the University of Arizona in 2006.
He is currently supervising 13 PhD students, working on dynamic and static program analysis and their applications in debugging, testing, forensic analysis, and data processing. He is currently a Purdue University Scholar. He has received the 2006 ACM SIGPLAN Distinguished Doctoral Dissertation Award, NSF Career Award, ACM SIGSOFT Distinguished Paper Awards, Best Student Paper Award at USENIX'14, Best Paper Award at CCS'15 and Distinguished Paper Award at NDSS'16.
Abstract: Dynamic program analyses analyze runtime information collected during program execution. They can be classified into two categories: temporal analysis, which inspects execution history, and spatial analysis, which studies states of program execution (e.g., memory states and disk states). They have a wide range of applications in various areas such as software debugging, testing and security. In this talk, I will introduce a number of dynamic analysis projects in my group. In particular, I will present two kinds of temporal analyses: (1) audit logging; and (2) forced execution. Audit logging analyzes the behavior of software systems by inspecting their system-level event traces, such as file reads/writes and socket sends/receives. It is critical for understanding advanced security attacks on enterprise systems. Forced execution forces a program to execute even when the required environmental and input conditions are not satisfied. It is highly effective in disclosing hidden malicious logic in executable programs. I will also introduce memory forensic analysis, which is a kind of spatial analysis. It inspects the memory snapshot of a process to recover critical information such as the files that are being edited in document-processing software, the ongoing conversation in social-networking software, and the pictures that were taken by a camera app in the past but not saved to disk. Such information is extremely useful in attack investigation.
Invited by: Prof. Xu Baowen (徐宝文)