In ottemperanza ai requisiti previsti dalla procedura valutativa per n.1 posto di Ricercatore Tenure Track SC 09/H1 SSD ING-INF/05 - Dipartimento di Ingegneria Informatica Automatica e Gestionale "A. Ruberti", Codice bando: 2023RTTA009, mercoledì 13 dicembre 2023 alle ore 15:00, in aula magna si terrà il seminario di Daniele Cono D'Elia che illustrerà le sue attività di ricerca svolte e in corso di svolgimento. Il seminario sarà anche trasmesso in modalità telematica su Zoom. Per partecipare da remoto connettersi all'indirizzo seguente:
Link: https://uniroma1.zoom.us/j/87988920551?pwd=Q2NtMi9EYllnMFU5ZlBORjY4aGp5Zz09
ID Meeting: 879 8892 0551
Passcode: 003159
Title: When Program Analysis May (Or May Not) Solve Your Security Problems
Abstract: Much security research deals with a needle rather difficult to thread: designing security policies that are sufficiently robust and sensitive to capture the problem at hand but can also scale to complex real-world software instances with good accuracy and performance. For many software and systems security scenarios, experience has shown that resorting to the proper program analysis can significantly improve either if not both dimensions. This observation is reflected somewhat by the remarkable cross-fertilization that the communities of security, software engineering, and programming language research have experienced for program analysis topics over the last decade.
This talk will highlight how program analysis has been the common denominator in my research activities for improving heterogeneous security policies and systems. First, we will cover special-purpose techniques for handling malicious software that shows a split personality upon detecting potential analysis attempts. Then, we will discuss two scenarios where code analyses and transformations can make software intrinsically more secure. In one, we will present compiler techniques for removing micro-architectural side-channels from industry-grade cryptographic code. In the other, we will show how program analyses can drive the work of fuzzing systems for software testing, exposing them to execution properties that they would otherwise overlook during bug searches.
Short bio: Daniele Cono D'Elia obtained his Ph.D. in Engineering in Computer Science in 2016 from Sapienza University of Rome and is employed there as an Assistant Professor as of February 2022. His research work spans several fields of software and systems security, studying how program analysis can boost accuracy and performance aspects of security policies. He co-authored several publications in top-tier conferences and journals of his reference areas. He actively participates in his community as a TPC member for those conferences and with other organizing and editorial roles. Thanks to the practical ramifications of his work, he often spoke at the Black Hat Briefings of the cybersecurity industry.