Tue 10 Nov 2020 17:07 - 17:08 at Virtual room 1 - Configuration

Software configurability opens the door to misconfiguration vulnerabilities, invalid settings that expose software weaknesses. Misconfiguration is one of the top ten most critical security risks and the most common. This paper envisions a world without misconfiguration vulnerabilities through the use of automated reasoning techniques to infer and secure software configurations. Real-world software, however, often lacks an explicit specification of secure configurations, relying on hand-validation by users. Real-world systems comprise many individual highly-configurable software components, making the space of possible configurations for the whole system enormous. To realize our vision and overcome these challenges, we aim to create a rigorous definition of configuration specifications, use formal methods to mechanize the inference and generation of valid configurations, and develop algorithms to automatically secure against misconfiguration.

Paul Gazzillo is an Assistant Professor of Computer Science at University of Central Florida. He received his PhD from NYU and previously worked as a Post-Doc at Yale and a Research Scholar at Stevens Institute. His research aims to make it easier to develop safe and secure software, and it spans programming languages, security, software engineering, and systems. Projects include analysis of configurable systems, side-channel attack detection, and concurrent smart contracts. His work has been published in venues such as PLDI, ESEC/FSE, and ICSE and has been recognized with a SIGPLAN Research Highlight and an NSF CAREER award.

Tue 10 Nov
Times are displayed in time zone: (UTC) Coordinated Universal Time

17:00 - 17:02
Talk
Research Papers
Carmine Vassallo (University of Zurich, Switzerland), Sebastian Proksch (Delft University of Technology, Netherlands), Anna Jancso (University of Zurich, Switzerland), Harald Gall (University of Zurich, Switzerland), Massimiliano Di Penta (University of Sannio, Italy)
17:03 - 17:04
Talk
Research Papers
Norbert Siegmund (Leipzig University), Nicolai Ruckel (Bauhaus-University Weimar), Janet Siegmund (TU Chemnitz, Germany)
17:05 - 17:06
Talk
Research Papers
Liu Liu (Rutgers University, USA), Sibren Isaacman (Loyola University Maryland, USA), Uli Kremer (Rutgers University, USA)
17:07 - 17:08
Talk
Visions and Reflections
Paul Gazzillo (University of Central Florida)
17:09 - 17:10
Talk
Research Papers
Qingrong Chen (University of Illinois at Urbana-Champaign, USA), Teng Wang (National University of Defense Technology, China), Owolabi Legunsen (Cornell University), Shanshan Li (National University of Defense Technology, China), Tianyin Xu (University of Illinois at Urbana-Champaign, USA)
17:11 - 17:30
Talk
Paper Presentations
Carmine Vassallo (University of Zurich, Switzerland), Liu Liu (Rutgers University), Nicolai Ruckel (Bauhaus-University Weimar), Paul Gazzillo (University of Central Florida), Qingrong Chen (University of Illinois at Urbana-Champaign, USA), M: Sarah Nadi (University of Alberta)