Friday / CS Seminar

January 5th / 10:00 AM

Online / Zoom

Zoom link: https://northwestern.zoom.us/j/94253546754

Title

"Towards Exploitability Assessment"

Abstract

The development of static and dynamic analysis tools significantly improves security analysts' capability in finding software bugs. However, security analysts lack effective, efficient methods to determine the exploitability for the identified bugs. Today, security analysts heavily rely upon their own expertise and experience in exploitability assessment. As a result, the bugs not yet demonstrated exploitability may not result from their unexploitability. Our past research indicates that determining exploitability requires tackling three critical technical challenges - (1) tracking down useful exploitation primitives, (2) bypassing exploit mitigation and protection commonly deployed, and (3) preventing unexpected program termination. In this talk, I will discuss a series of technical approaches to ease the development of working exploits and escalate the capability of a security analyst in assessing exploitability for vulnerabilities.

Biography

Xinyu Xing is an Associate Professor at Northwestern University and co-founder of Sec3. His research interest includes exploring, designing, and developing new techniques to assess and robustify software. In addition, he is also interested in exploring AI techniques to facilitate and empower cybersecurity analysis. His past research has been featured by many mainstream media, such as Technology Review, New Scientists, and NYTimes, etc. His research is supported by NSF, DARAP, ONR, NAS, and several industry partners. He is a recipient of the NSF CAREER Award , Amazon Research Award, ACM CCS Outstanding Paper Award, and ACSAC best paper award.