BEGIN:VCALENDAR PRODID:-//Microsoft Corporation//Outlook 11.0 MIMEDIR//EN VERSION:2.0 METHOD:PUBLISH BEGIN:VEVENT ORGANIZER:MAILTO:j.spongberg@usyd.edu.au DTSTART:20091113T050000Z DTEND:20091113T060000Z LOCATION:The University of Sydney\, School of IT Building\, Lecture Theatre (Room 123)\, Level 1 TRANSP:OPAQUE SEQUENCE:0 UID:040000008200E00074C5B7101A82E00800000000E057CE261457CA010000000000000000100 000000FE9F93C3520A948B391E139C2921C88 DTSTAMP:20091027T034539Z DESCRIPTION:Basser Seminar Series\, School of Information Technologies\, USYD:\n\nStatic program analysis for bug checking of systems code\n\nSpeaker: Dr Bernhard Scholz\n School of Information Technologies\, The University of Sydney\n\nTime: Friday 13 November 2009\, 4:00-5:00pm\n Refreshments will be available from 3:30pm\n\nLocation: The University of Sydney\, School of IT Building\, Lecture Theatre (Room 123)\, Level 1\n\nABSTRACT\nA security vulnerability is a software bug that can be exploited by an external attacker. Security vulnerabilities expose a major threat for operating systems and systems programs that are executed with higher privileges\, as an attacker can gain total control over a computer system by exploiting vulnerabilities. Even in a rigid software development process\, bugs are introduced that may result in severe security vulnerabilities. This is especially true for large legacy systems written in C and C++.\n\nManual code inspections are the predominant approach to find security vulnerabilities. These inspections are time-consuming\, repetitive and tedious. They can never be complete or time-effective\, particularly in light of the large code-bases of software systems these days (thousands to millions of lines of code). Static bug checking tools that rely on sound program analyses\, promise a solution to this problem. However\, designing and implementing precise and scalable program analyses is still a big challenge.\n\nIn this talk I will report on my work conducted at the Sun Microsystems Laboratories in 2007/08. I will give an overview of our new project\, Parfait\; a static\, layered program analysis framework for checking bugs in C systems code. The framework is coupled with security domain knowledge to better cater for security vulnerabilities in large systems code. The framework was designed to provide better precision of bugs (less false positives)\, be scalable (produce results for millions of lines of code in a run-time efficient manner)\, and support security vulnerability analysis.\n\nSPEAKER’S BIOGRAPHY\nBernhard Scholz is senior lecturer in Computer Science at the University of Sydney. He has previously served at the Vienna University of Technology and at the University of Vienna. He has also held visiting professorships at the University of Victoria\, BC\, Canada\, at the Sun Microsystems Laboratories\, and at Yonsei University\, Korea. Before pursuing an academic career\, Bernhard Scholz worked in industry as a programmer and analyst at Baring Asset Management\, London\, UK.\n\n\nLOCATION DETAILS:\nThe School of Information Technologies is located in the new School of IT Building (J12)\, 1 Cleveland Street at the eastern end of the Darlington campus of the University of Sydney.\nMaps are available here (see coordinates L25/L26):\n http://db.auth.usyd.edu.au/directories/map/largemap00a.html \n\n SUMMARY:Basser Seminar Series\, School of Information Technologies\, USYD PRIORITY:5 X-MICROSOFT-CDO-IMPORTANCE:1 CLASS:PUBLIC BEGIN:VALARM TRIGGER:-PT1440M ACTION:DISPLAY DESCRIPTION:Reminder END:VALARM END:VEVENT END:VCALENDAR