Security for C++
Date: Wednesday, November 02, 2016
Time: 11:00 AM to 12:00 PM Note: all times are in the Eastern Time Zone
Host: CSAIL Security Seminar
Contact: Frank Wang, firstname.lastname@example.org
Speaker URL: None
TALK: Security for C++
**NOTE**: This is at 11 am instead of the normal 4 pm slot.
The talk will give an overview of various dynamic testing tools, fuzzers, and security hardening techniques developed at Google, both for user space and the Linux Kernel: The sanitizers (AddressSanitizer, ThreadSanitizer, ...) allow you to find memory corruption bugs, races, and more, both in user space and in the Kernel. libFuzzer (user space) and Syzkaller (kernel) are guided evolutionary fuzzers; they will find inputs that touch the darkest corners of your code. ControlFlowIntegrity and SafeStack are security mitigation techniques that will protect your binaries in production even if security bugs still exist and are known to adversaries.
All these tools are opensource.
Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer, MemorySanitizer, ThreadSanitizer, and libFuzzer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years at Intel Compiler Lab. Konstantin holds a PhD from mesi.ru and a M.S. from msu.ru.
Created by Frank Wang at Thursday, September 22, 2016 at 9:42 AM.