Informatics, TU Vienna

Finding Security Bugs in Java Programs using Datalog

Abstract

Recently, various zero-day exploits emerged for Java(TM), making computers that run Java(TM) potentially vulnerable. Though Java(TM) was designed with a strong emphasis on security and the language itself is type-safe, defects in the Java OpenJDK library permit attackers to break the security of Java(TM).

This talk gives an overview of the activities at Oracle Labs, which has been developing a program analysis tool for Java. The program analysis tool will be able to identify and report security defects in the JDK library. In a pilot project, we specify security defects of Java programs in a restricted variant of Horn logic called Datalog. The declarative approach of expressing static program analyses has various advantages.

Biography

Bernhard Scholz is Associate Professor in Computer Science at The University of Sydney. His research interests include Programming Languages and Compilers, Embedded Systems and Parallel Systems. Before joining The University of Sydney, he worked for the Technical University of Vienna and the University of Vienna in academic/research roles. He has also held visiting professorships at the University of Victoria, BC, Canada, Yonsei University, South Korea, and at the Sun Microsystems Laboratories. Currently, he is visiting the Oracle Labs in Brisbane, working on new techniques for Static Program Analysis.

Note

This talk is organized by the Compilers and Languages Group at the Institute of Computer Languages.
Tea at the library of E185/1, Argentinierstr. 8, 4th floor (central) at 13:30.