[Seminar] Scalable and Automatic Vulnerability Discovery Beyond Random Testing
Georgia Institute of Technology
Host: Prof. 전병곤 (x1928, 880-1928)
Today's software is gigantic and convoluted, and this increase in complexity has made automated techniques for discovering security vulnerabilities essential to protecting computer systems. In response to such demands, random testing, also known as fuzzing, has flourished due to its scalability. Fuzzing has mitigated possible threats by quickly identifying potential vulnerabilities; however, it is fundamentally limited to discovering certain types of security vulnerabilities (e.g., memory corruption bugs) in shallow program logic.
In this talk, I will present my study on advancing automatic and scalable vulnerability discovery. First, I will introduce APISan, a tool that finds API misuse vulnerabilities by automatically learning correct API usage from source code. Next, I will present QSYM, a system for specialized symbolic execution that guides fuzzing toward deeply hidden vulnerabilities. The impact of APISan and QSYM has been acknowledged by a finalist nomination for the CSAW Best Applied Best Paper Award 2016 and by the Distinguished Paper Award at USENIX Security 2018, respectively.
Insu Yun is a Ph.D. student at Georgia Institute of Technology. He is interested in system security in general, especially binary analysis, automatic vulnerability detection, and applied cryptography.
In addition to research, he has been participating in several hacking competitions. In particular, he received the Black Badge from DEF CON as the winner in 2015 (DEFKOR) and 2018 (DEFKOR00t).
Prior to joining Georgia Tech, he received his BS degree in Computer Science from KAIST in 2015.