Finding bugs and vulnerabilities in real-world software (public)
speaker DIAG:
Data dell'evento:
Mercoledì, 16 September, 2020 - 11:00
Luogo:
Aula Magna DIAG (max 20 posti) e online su piattaforma Google Meet codice accesso https://meet.google.com/toi-cksq-gef
Contatto:
demetres@diag.uniroma1.it
Emilio Coppa è risultato vincitore della procedura selettiva per n.1 posto di ricercatore a tempo determinato – tipologia A ai sensi dell’art.24, comma 3, lett. b, legge 240/2010 – per il settore concorsuale 09/H1 - settore scientifico disciplinare ING-INF/05 - codice concorso 3/2019, bandito con Decreto Rettorale D.R. n. 3333/2019 del 22/11/2019, i cui atti sono stati approvati con Decreto Rettorale D.R. n. 158/2020 del 01/09/2020.
Nell'ambito della procedura ai fini della chiamata da parte del Consiglio di dipartimento, Emilio Coppa terrà un seminario pubblico sulle attività di ricerca da lui svolte e in corso di svolgimento. Il seminario sarà svolto in modalità telematica su Google Meet ed in presenza presso l'aula Magna del DIAG Mercoledì 16 settembre 2020 alle ore 11:00. Per partecipare da remoto, connettersi all’indirizzo https://meet.google.com/toi-cksq-gef
Abstract
Finding bugs in software is essential for preventing attackers from crashing our national critical infrastructures, stealing sensitive data from our machines, and more in general performing malicious activities that could impact our everyday life. Several methodologies for finding bugs and vulnerabilities have been proposed in the literature during the last decades in the context of software testing and software security. In this talk, we review two popular approaches, symbolic execution and software fuzzing, that in the last years have seen large interest from the research community as well as the software industry. After discussing the advantages and disadvantages when applying these two approaches to real-world applications, we present the latest improvements to these techniques, focusing also on hybrid designs that aim at combining them to even get better results. Finally, we discuss a few promising research directions that could be pursued in the near future to continue improving the state-of-the-art in this context.
Short bio
Emilio Coppa got the PhD in 2015 from Sapienza University with a thesis on input-sensitive profiling techniques aimed at finding scalability issues in software. He has been a PostDoc at DIAG since 2016, studying how program analyses can be applied in the context of software security for finding bugs and vulnerabilities on real-world programs. He has been a national organizer and a local organizer/instructor for Sapienza for the CyberChallenge.IT program.
gruppo di ricerca: