[HGI-News-de] HGI Colloquium on 27.11.2013: "Information Retrieval and Machine Learning for Interactive Bug Hunting"

Newsletter of the Horst Görtz Institute hgi-news-deutschland at lists.ruhr-uni-bochum.de
Tue Nov 26 09:51:21 CET 2013


Dear Sir or Madam,

As part of the HGI Colloquium, organized by the Secure Hardware
research group and the Horst Görtz Institute of Ruhr-Universität
Bochum, Fabian Yamaguchi of the University of Göttingen will speak
tomorrow, Wednesday, 27.11.2013, at 16.00 s.t. in room
ID 03/445 on the following topic:

"Information Retrieval and Machine Learning for Interactive Bug
Hunting": Discovering vulnerabilities in real-world code can be a
tremendous challenge. As many of today's security-critical code
bases have evolved to become research topics in their own right,
fully automated, general-purpose vulnerability discovery tools
usually fail in practice. In consequence, tedious manual auditing
of code remains a necessity to date.

Fortunately, practical bug hunting can benefit from tools that aim to
assist rather than replace analysts. For example, interception
proxies, tracers, disassemblers and fuzzers have been shown to be highly
effective at supporting the discovery of vulnerabilities. Following
this notion, my work mostly focuses on the development of new
techniques for assisted vulnerability discovery, particularly to deal
with large and complex code bases.

In this talk, I will be presenting a new open-source code analysis
platform which you can use to mine large C/C++ code bases for
vulnerabilities using complex graph database queries. In addition, we
will see that the graph database offers a useful source of information
for custom analysis scripts. In particular, a tool built as a script
on top of the analysis platform is presented that automatically
derives simple programming rules from code using machine learning
techniques. By employing anomaly detection, we are additionally able
to detect deviations from these patterns and make them visible to
auditors as they browse code.

All students and interested parties are cordially invited to this
and all further talks of the HGI Colloquium!
Prior registration is not required!

Further information is available on the following website:
http://hgi.rub.de/hgi/hgi-seminar/

Kind regards,
   Pascal Sasdrich