CS SEMINAR

Talk 1: Detection of Bugs and Security Vulnerabilities via Program Analysis and Programming Languages
Talk 2: Bug Detection in JavaScript Web Apps via Static and Dynamic Hybrid Analyses

Speaker
Speaker 1: Dr Ryu Sukyoung, Associate Professor, KAIST
Speaker 2: Mr Park Joonyoung, PhD Student, KAIST

Chaired by
Dr Ilya SERGEY, Associate Professor, School of Computing
ilya@comp.nus.edu.sg

27 Nov 2019 Wednesday, 02:00 PM to 04:00 PM

Executive Classroom, COM2-04-02

Talk 1
Abstract:
We present our journey to analyze and find bugs in applications (apps) in the wild, especially JavaScript web apps and Android apps. For JavaScript web apps, we describe the technical challenges in analyzing them and our solutions to address those challenges via a series of open source analysis frameworks, the Scalable Analysis Framework for ECMAScript (SAFE) family. For Android apps, we share arm-wrestling experiences with Android vulnerabilities and our tools to detect them. Finally, we present our efforts to prevent bugs and vulnerabilities via formal development of programming languages.

Biodata:
Sukyoung Ryu is an associate professor in the School of Computing at Korea Advanced Institute of Science and Technology (KAIST). Her research interests are in programming languages, program analysis, and programming environments. She received a Ph.D. in Computer Science from KAIST, and worked at Harvard University and Sun Microsystems Laboratories.


Talk 2
Abstract:
Both dynamic and static analyses are widely used to find bugs in applications. Dynamic analyses can find bugs completely (without false positives) via concrete executions. Static analyses can do so soundly (without false negatives) based on the abstract interpretation framework. However, in JavaScript web applications, static analyses suffer from high false-positive rates due to extremely dynamic features of the language such as dynamic typing, open objects, first-class functions, and first-class property names. Dynamic analyses require a lot of human effort, and even automated ones have difficulty checking every corner case. In order to alleviate the limitations of both analyses, I study hybrid analyses with trade-offs between soundness and precision.

This talk consists of two parts, the EventHandler-based analysis and the SRA model. The EventHandler-based analysis over-approximates the given concrete event sequence so that it covers more event flows, while providing higher precision than the conservative event flow modeling in static analyzers. The SRA model is a universal model that substitutes for the manual models static analyzers use to handle opaque code such as built-in functions written in a native language. It dynamically samples and runs concrete inputs drawn from the abstract state at the entry point of the opaque code, and guesses its analysis results based on the observed execution results. I will briefly introduce my future work on a more generalized form of hybrid analyses.
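To make the "sample, run, abstract" idea concrete, the following is an added illustration written for this page; it is not the SRA model, SAFE, or any code from the speakers. It assumes a deliberately small abstract domain (a type tag plus a bounded set of known constants, with `null` meaning "any value of that type") and a hand-picked list of boundary samples; both are assumptions for the example. Opaque built-ins such as `String.prototype.toUpperCase`, `Math.max` and `JSON.parse` are called on every combination of sampled arguments, exceptions are recorded as a may-throw flag, and the observed results are joined back into an abstract value. The last call shows the unsoundness the abstract trades for precision: a branch no sample reaches is never observed.

```javascript
// Added, simplified illustration of sampling concrete inputs from an abstract
// state, running opaque (native) code on them, and abstracting the results.
// NOT the SRA model or SAFE code; domain and samples are assumptions.

// Abstract value: { typeTag: Set(knownValues) | null }; null = "any value of
// that type". E.g. { number: new Set([1, 2]), string: null } reads
// "1 or 2, or any string".

// Constructed boundary samples used when an abstract value says "any X".
const SAMPLES_PER_TYPE = {
  number: [0, -1, 1, 1.5, Infinity, -Infinity, NaN, Number.MAX_SAFE_INTEGER],
  string: ['', 'a', 'Hello', '123', ' padded '],
  boolean: [true, false],
  undefined: [undefined],
  null: [null],
};

const MAX_KNOWN = 4; // more distinct results than this widens to "any X"

function tagOf(v) {
  return v === null ? 'null' : typeof v;
}

// Concretize: pick representative concrete values for one abstract value.
function sample(absVal) {
  const out = [];
  for (const [tag, known] of Object.entries(absVal)) {
    if (known !== null) {
      out.push(...known);
    } else if (SAMPLES_PER_TYPE[tag]) {
      out.push(...SAMPLES_PER_TYPE[tag]);
    } else {
      throw new Error(`no samples defined for abstract type ${tag}`);
    }
  }
  return out;
}

// Abstract: join observed concrete results back into an abstract value.
function abstractOf(values) {
  const abs = {};
  for (const v of values) {
    const tag = tagOf(v);
    if (!(tag in abs)) abs[tag] = new Set();
    if (abs[tag] === null) continue; // already widened to "any"
    abs[tag].add(v);
    if (abs[tag].size > MAX_KNOWN) abs[tag] = null;
  }
  return abs;
}

function cartesian(lists) {
  return lists.reduce(
    (acc, list) => acc.flatMap((prefix) => list.map((v) => [...prefix, v])),
    [[]],
  );
}

// Run the opaque function on every combination of samples, flag exceptions,
// and abstract the return values. Unsound by construction: a behaviour no
// sample reaches is simply not seen.
function modelOpaque(fn, argAbs) {
  const results = [];
  let mayThrow = false;
  for (const args of cartesian(argAbs.map(sample))) {
    try {
      results.push(fn(...args));
    } catch (e) {
      mayThrow = true;
    }
  }
  return { value: abstractOf(results), mayThrow };
}

// Plain, order-independent view of an abstract value for printing and tests.
function toPlain(abs) {
  const plain = {};
  for (const tag of Object.keys(abs).sort()) {
    plain[tag] = abs[tag] === null
      ? null
      : [...abs[tag]].sort((a, b) => String(a).localeCompare(String(b)));
  }
  return plain;
}

// Worked calls; a method's receiver is passed as the first argument.
const upperKnown = modelOpaque((s) => s.toUpperCase(), [{ string: new Set(['abc', 'Def']) }]);
const upperAny = modelOpaque((s) => s.toUpperCase(), [{ string: null }]);
const maxOfTwo = modelOpaque(Math.max, [{ number: new Set([1, 2]) }, { number: new Set([3]) }]);
const jsonParse = modelOpaque(JSON.parse, [{ string: null }]);
// Hypothetical opaque function with a branch the samples never hit.
const hidden = modelOpaque((n) => (n === 42 ? 'hit' : 'miss'), [{ number: null }]);

console.log(toPlain(upperKnown.value), upperKnown.mayThrow); // { string: ['ABC','DEF'] } false
console.log(toPlain(upperAny.value));                        // { string: null } (widened)
console.log(toPlain(maxOfTwo.value));                        // { number: [3] }
console.log(toPlain(jsonParse.value), jsonParse.mayThrow);   // { number: [123] } true
console.log(toPlain(hidden.value));                          // { string: ['miss'] }, 'hit' missed
```

The may-throw flag is the kind of fact a hand-written model of `JSON.parse` can easily omit; the `hidden` call shows why a sampled model cannot replace a sound one, only trade some soundness for precision.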

Biodata:
Joonyoung Park is a Ph.D. student in the School of Computing at Korea Advanced Institute of Science and Technology (KAIST). His research interests include dynamic analysis, bug detection in web applications, and concolic testing. Park received an M.S. in computer science from KAIST.