SCS Faculty Candidate

Wednesday, March 29, 2017 - 10:00am to 11:30am

Location:

ASA Conference Room 6115 Gates Hillman Centers

Speaker:

MARIUS MINEA, Associate Professor http://staff.cs.upt.ro/~marius/

Web applications are affected by a wide array of security vulnerabilities. Of these, logical flaws in particular are good candidates for detection via model checking. However, approaches to analyze potential attacks often rely on manually constructed models. This limits the wider practical applicability of existing formal methods tools.In this talk, I will present a step to bridge this gap by analyzing web application code (specifically, Java servlets) and extracting state machine models for use by model checkers which target security properties. I will discuss suitable abstractions which are essential to limit the complexity of the generated models. These include user-specified abstractions depending on the provided specifications. We have used this tool within the SPaCIoS EU research project to find vulnerabilities using an approach that can be combined with security testing and model inference. A promising future step is to leverage these models to detect more complex chained attacks.—Marius Minea is an associate professor at the Politehnica University of Timisoara, Romania. He received his PhD from Carnegie Mellon with a thesis on model checking for timed systems, advised by Ed Clarke and was then a postdoctoral researcher at the University of California, Berkeley. His research interests are at the intersection of software analysis, testing and security, where he has led several research projects.He has taught courses on verification and security, enjoys using live coding in programming classes and has designed a discrete structures course that uses functional programming.Faculty Host: Tom Cortina

For More Information, Contact:

khibner@cs.cmu.edu

Keywords:

CSD Faculty Candidate