| |
Reducing Software’s Attack Surface with Code Debloating
|
Speaker (s):
QIAN Chenxiong
Ph.D. Candidate
School of Computer Science
Georgia Institute of Technology
|
|
Date:
Time:
Venue:
|
|
3 December 2020, Thursday
10:00am - 11:15am
This is a virtual seminar. Please register by 30 November, the webex link will be sent to those who have registered on the following day
We look forward to seeing you at this research seminar.
|
|
About the Talk
Current practice for developing and deploying software encourages the deployment of software to provide a large spectrum of features. Software with rich features usually exposes larger attack surface and makes it easier for an attack to launch attacks. In this talk, the speaker will introduce an emerging solution, code debloating, which effectively reduces software’s attack surface by removing code of unneeded features. First, he will introduce a binary rewriting framework – Razor that rewrites post-deployment software to remove unwanted code. In addition, he will introduce a framework – Slimium that customizes the web browser Chromium for visiting specific websites by removing unrequired features, resulting a slim version of Chromium with 60% of the vulnerabilities removed. Last but not least, the speaker will briefly discuss his ongoing research and future research plan.
About the Speaker
Chenxiong Qian is currently a Ph.D. candidate at the School of Computer Science in Georgia Institute of Technology. His research focus on software security and system security, specifically reducing software’s attack surface with CFI enforcement and code debloating. To do that, he adopts approaches from program analysis and leverages the state-of-the-art hardware features to build CFI enforcement systems and code debloating frameworks.
He is a tenure-track faculty candidate for the Information Systems & Technology, Cybersecurity cluster.
|
