Precise and Scalable Program Analysis for Software Security
Bio
Tapti Palit is a CRA Computing Innovation Fellow at Purdue University, working under the guidance of Dr. Pedro Fonseca at the Reliable and Secure Systems Lab. Her research interests lie at the intersection of software security and program analysis. Before starting the postdoctoral position at Purdue University, Tapti graduated with a Ph.D. from Stony Brook University, under the guidance of Dr. Michalis Polychronakis, where she worked on building mitigations against data leakage attacks.
Abstract
Many security mitigation techniques rely on program analysis. Languages such as C/C++ support the use of pointers for indirect memory accesses. For applications written in these languages, the accuracy of program analysis, and thus the effectiveness of security mitigation, depends on the precision of the underlying pointer analysis techniques. However, despite decades of research into pointer analysis, achieving precise and scalable pointer analysis remains an open problem.
In this talk, I will describe my research on improving the scalability and precision of pointer analysis algorithms for software security. I will first present the Invariant-Guided Pointer Analysis technique that improves the precision of Control Flow Integrity techniques by 59%. Then, I will introduce Sensitive Data Encryption, a mechanism to protect sensitive data against data-only attacks, and discuss how we augmented static pointer analysis with information available at runtime to reduce overhead and improve scalability. Finally, I will present my vision for future research.