Improving Software Security and Robustness Using Automated Testing
Technical Staff Member
MIT Lincoln Laboratory
Friday, February 20
11:00 AM - 12:00 PM
3105 Engineering Building
Host: Alex Liu
The complexity of software required to operate modern real-time embedded systems (used in satellites and critical infrastructure control) makes it prone to programming errors. Software developers perform rigorous functionality tests to reduce errors; nevertheless, serious problems such as memory corruption and resource leaks may remain in software operating critical systems. These errors in turn create vulnerabilities that, if exploited, can affect the availability, reliability, and integrity of operations and thus degrade the system's overall robustness.
This talk will discuss automated testing and analysis tools that can help developers discover and redress these kinds of vulnerabilities before software is put into operation. The focus of the talk will be on MIT Lincoln Laboratory's DEADBOLT tool, which automatically discovers memory corruption problems, resulting not only in more robust and secure software, but also in lower development and maintenance costs for both software developers and users.
Mr. Michael Zhivich is a member of the technical staff in the Information Systems Technology Group at MIT Lincoln Laboratory, where he conducts research and development in the area of program analysis and testing aimed at discovering security vulnerabilities. His recent work includes a study evaluating the effectiveness and performance of existing dynamic buffer overflow detection tools, and the design and implementation of an adaptive testing system for automated buffer overflow detection.
In his current work, Mr. Zhivich is developing automated software testing tools aimed at enabling software developers to create more secure and robust applications. The current effort focuses on critical infrastructure protection (in particular, SCADA and process control systems) and the challenges posed by creating software for real-time embedded environments with limited resources. In addition to software testing and program analysis, Mr. Zhivich's interests include cryptography, usability and economic implications of security.
Mr. Zhivich holds S.B. and M.Eng. degrees in Computer Science and Electrical Engineering from the Massachusetts Institute of Technology.