Computer Science Colloquium

Thursday, February 1, 2024 10:00 am - 11:00 am

Join GW Engineering's Department of Computer Science for another installment in their Spring 2024 Colloquium Series! The talk, titled "Scalable and Precise Program Analysis for Software Security," will be given by Dr. Tapti Palit, CRA Computing Innovation Fellow at Purdue University! This is a hybrid event, so you may attend the lecture either in the Lehman Auditorium or on Zoom.

Abstract 

Many security mitigation techniques rely on program analysis. Languages such as C/C++ support the use of pointers to perform indirect memory accesses. For applications written in these languages, the accuracy of the program analysis, and thus the effectiveness of the security mitigation, depends on the precision of the underlying pointer analysis techniques. For example, Control Flow Integrity (CFI) requires the resolution of indirect function calls using function pointers to generate a precise callgraph. Similarly, Selective Data Protection, a class of promising novel mitigation techniques against data-only attacks, requires pointer analysis to resolve indirect memory accesses. However, in spite of decades of research into pointer analysis techniques, precise and scalable pointer analysis remains an open problem.

In this talk, I will describe my research on improving the scalability and precision of pointer analysis algorithms in the context of software security. First, I will present Sensitive Data Encryption (SDE), a novel mitigation technique that uses strong AES-based encryption to selectively protect in-memory program data against data leakage. Then, I will discuss a novel technique that combines dynamic analysis with static analysis to improve the precision and scalability of the underlying pointer analysis, thus allowing us to automatically retrofit SDE to large applications with a minimum performance overhead. Finally, I will present a novel invariant-guided pointer analysis technique that can improve the precision of pointer analysis by up to 10X.

Bio

Tapti Palit is a CRA Computing Innovation Fellow at Purdue University, working under the guidance of Dr. Pedro Fonseca at the Reliable and Secure Systems Lab. Her research interests lie at the intersection of software security and program analysis. Prior to starting the postdoctoral position at Purdue University, Tapti graduated with a Ph.D. from Stony Brook University, under the supervision of Dr. Michalis Polychronakis, where she worked on building mitigations against data leakage attacks.

Where
Science & Engineering Hall, 800 22nd Street, NW, Washington, DC 20052
Room: Lehman Auditorium

Admission
Open to everyone.
