Department of Computer Science tenure-track faculty candidate Wen Li will give a research presentation on Friday, March 8, 2024, from 3-4 p.m. in Rekhi 214. The title of Li’s talk is, “Run-Time Analysis and Security of Multi-Language Systems.” A social hour will follow in Rekhi 218. Snacks and beverages will be served.
Talk Abstract
The prevalence of multi-language software has surged, yet security defenses for such systems remain inadequately supported. Traditional methods like program analysis and fuzzing face challenges in this context. In my Ph.D. research, I proposed a suite of techniques to fortify the security of multi-language systems. Firstly, I introduced PolyCruise, leveraging language independent symbolic dependence analysis for effective dynamic cross-language information flow analysis. It supports diverse security applications, enhancing vulnerability detection. Addressing PolyCruise’s input coverage limitation, I introduced PolyFuzz, a framework for comprehensive greybox fuzzing in multi-language applications. PolyFuzz measures block coverage at the whole-system level, generates effective seeds through sensitivity analysis, and seamlessly supports various languages. Recognizing limitations for bugs in the lower software stack, particularly in language runtime systems, my focus shifted downward, notably to Python runtime. PyRTFuzz introduced a two-level collaborative methodology, combining generation-and mutation-based fuzzing for comprehensive testing. The Slang-based approach ensures diverse applications, marking a significant stride in securing software systems.
Speaker Bio
Wen Li, Ph.D., from Washington State University, specializes in software engineering and security, focusing on implementing diverse techniques for practical security solutions in real-world software systems. His Ph.D. work included software analysis and the development of effective fuzzing frameworks, successfully applied to real-world systems, with research published in conferences like ESEC/FSE, USENIX Security, and CCS. In addition, with a decade of industrial experience, he is also an adept software engineer, specializing in embedded software design and development, particularly in core/access networks. Coupled with ongoing research pursuits, this practical expertise equips him with profound insights into the research field and the ability to traverse new domains seamlessly.