Finding Security Bugs in Java Programs using Datalog
Recently, various zero-day exploits emerged for Java(TM), making computers that run Java(TM) potentially vulnerable.
TU Wien, Campus Argentinierstraße
Seminar room -
1040 Vienna, Argentinierstrasse 8
Ground floor, entrance Paniglgasse, room EAEG06
Abstract
Recently, various zero-day exploits emerged for Java(TM), making computers that run Java(TM) potentially vulnerable. Though Java(TM) was designed with a strong emphasis on security and the language itself is type-safe, defects in the Java OpenJDK library permit attackers to break the security of Java(TM).
This talk gives an overview of the activities at Oracle Labs, which has been developing a program analysis tool for Java. The program analysis tool will be able to identify and report security defects in the JDK library. In a pilot project, we specify security defects of Java programs in a restricted variant of Horn logic called Datalog. The declarative approach of expressing static program analyses has various advantages.
Biography
Bernhard Scholz is Associate Professor in Computer Science at The University of Sydney. His research interests include Programming Languages and Compilers, Embedded Systems and Parallel Systems. Before joining The University of Sydney, he worked for the Technical University of Vienna and the University of Vienna in academic/research roles. He has also held visiting professorships at the University of Victoria, BC, Canada, Yonsei University, South Korea, and at the Sun Microsystems Laboratories. Currently, he is visiting the Oracle Labs in Brisbane, working on new techniques for Static Program Analysis.
Note
This talk is organized by the Compilers and Languages Group at the Institute of Computer Languages. Tea at the library of E185/1, Argentinierstr. 8, 4th floor (central) at 13:30.
Speakers
- Prof. Dr. Bernhard Scholz, The University of Sydney, Australia