Seminar: A Hybrid Framework for the Systematic Detection of Software Security Vulnerabilities in Source Code
Dr. Aiman Hanna (Concordia University)
Tuesday, February 12, 2013, 15:00, EV 3.309
In this talk, we address the problem of detecting vulnerabilities in software whose source code is available, such as free-and-open-source software. To do so, we rely on security testing that conducts various analyses. Either static or dynamic analysis can be used in security testing approaches, and each has its own advantages and drawbacks. In fact, while the two analyses are different, they complement each other in many ways. Consequently, approaches that combine them have the potential to be highly advantageous for security testing and vulnerability detection. This has motivated the research work discussed in this talk.
For the purpose of security testing, security analysts need to specify the security properties against which they wish to test software for violations. Accordingly, a security model extending security automata is introduced to allow such specifications. For the purpose of profiling the software behavior at run-time, various code instrumentations are needed at different program points. We hence explore this subject and introduce a compiler-assisted profiler based on the pointcut model of Aspect-Oriented Programming (AOP) languages. Third, we explore the potential of static analysis for vulnerability detection and illustrate its applicability and limitations, with an additional focus on reachability analysis.
Finally, we introduce a more comprehensive security testing and test-data generation framework that provides further advantages over the purely static-analysis model. The framework combines the power of static and dynamic analyses and is used to generate concrete data with which the existence of a vulnerability is proven beyond doubt, hence mitigating a major drawback of static analysis, namely false positives. We further illustrate the feasibility of the elaborated frameworks by developing case studies for test-data generation and vulnerability detection on software of various sizes and complexities.
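To make the combination concrete, the following is an added toy example (not the talk's framework or its security-automaton model) that puts the three ingredients of the abstract side by side: a security property expressed as a small automaton over instrumentation events, pointcut-style advice that emits those events before each matched call, and a hybrid scan in which a deliberately flow-insensitive static pass produces candidate sinks and concrete execution under the monitor either confirms each candidate with a witness input or leaves it unconfirmed. The program under test, the taint property, the event names and the candidate inputs are all constructed for the illustration.

```python
"""Toy hybrid detection: static candidates, then automaton-monitored execution.
Everything here (property, events, program, inputs) is constructed for illustration."""
import ast


class SecurityAutomaton:
    """Security automaton: an event with no transition from the current state
    is a violation of the property (assumed shape, not the talk's model)."""

    def __init__(self, initial, transitions):
        self.initial = initial
        self.transitions = transitions  # {(state, event): next_state}

    def check(self, trace):
        """Index of the first violating event, or None if the trace is accepted."""
        state = self.initial
        for i, event in enumerate(trace):
            nxt = self.transitions.get((state, event))
            if nxt is None:
                return i
            state = nxt
        return None


# Property: untrusted input must be validated before it reaches a sink.
# There is deliberately no ("tainted", "sink") transition: that is the violation.
TAINT_POLICY = SecurityAutomaton("clean", {
    ("clean", "read_untrusted"): "tainted",
    ("clean", "validate"): "clean",
    ("clean", "sink"): "clean",
    ("tainted", "read_untrusted"): "tainted",
    ("tainted", "validate"): "clean",
})

# Pointcut-style instrumentation: the advice records an event before each matched call.
TRACE = []


def pointcut(event):
    def wrap(fn):
        def advised(*args, **kwargs):
            TRACE.append(event)          # "before" advice at the join point
            return fn(*args, **kwargs)
        advised.__name__ = fn.__name__
        return advised
    return wrap


@pointcut("read_untrusted")
def read_input(raw):
    return raw


@pointcut("validate")
def validate(s):
    return s if s.isalnum() else ""


@pointcut("sink")
def sink(s):
    return "use:" + s


# Program under test (constructed): handle_unsafe only validates short input.
PROGRAM_SRC = '''
def handle_safe(raw):
    s = read_input(raw)
    s = validate(s)
    return sink(s)

def handle_unsafe(raw):
    s = read_input(raw)
    if len(s) < 8:
        s = validate(s)
    return sink(s)
'''


def static_candidates(src):
    """Flow-insensitive taint scan: flag every function whose sink() receives a
    variable assigned from read_input() anywhere. Ignoring control flow keeps it
    sound but over-approximating, so it may report false positives."""
    hits = []
    for fdef in ast.parse(src).body:
        if not isinstance(fdef, ast.FunctionDef):
            continue
        tainted = set()
        for node in ast.walk(fdef):
            if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)
                    and getattr(node.value.func, "id", "") == "read_input"):
                tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
        for node in ast.walk(fdef):
            if isinstance(node, ast.Call) and getattr(node.func, "id", "") == "sink":
                if any(isinstance(a, ast.Name) and a.id in tainted for a in node.args):
                    hits.append(fdef.name)
    return hits


def load_program(src):
    """Execute the (constructed) program source with the instrumented primitives bound."""
    ns = {"read_input": read_input, "validate": validate, "sink": sink}
    exec(src, ns)
    return ns


# Constructed stand-in for generated test data: a small input domain to enumerate.
CANDIDATE_INPUTS = ["ok", "a;b", "x" * 8, "longer input 1"]


def confirm(fn, inputs, policy=TAINT_POLICY):
    """Run fn on each input under the monitor; return the first input that drives
    the automaton into a violation (a concrete witness), or None if none does."""
    for raw in inputs:
        TRACE.clear()
        fn(raw)
        if policy.check(TRACE) is not None:
            return raw
    return None


def hybrid_scan(src, inputs=CANDIDATE_INPUTS):
    """Static candidates, each either confirmed by a witness input or left as None."""
    ns = load_program(src)
    return {name: confirm(ns[name], inputs) for name in static_candidates(src)}


if __name__ == "__main__":
    print(hybrid_scan(PROGRAM_SRC))
```

The static pass reports both functions, because it cannot tell that `handle_safe` validates on every path; the dynamic pass confirms only `handle_unsafe`, with the eight-character input as the witness, and leaves `handle_safe` unconfirmed. The enumeration of `CANDIDATE_INPUTS` stands in for real test-data generation, which is where the hard work lies in practice.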
Dr. Aiman Hanna received his Bachelor in Engineering from Assiut University, Egypt, in 1988, and his Master’s in Computer Science and Ph.D. in Computer Science from Concordia University, Canada, in 2000 and 2012 respectively. He worked as a Senior Software Engineer and Team Leader for more than eight consecutive years for some of the largest firms in Canada (BCE and CGI). He is currently a full-time professor at Concordia University, where he has been working for nearly 22 years. His research interests include software security, secure software engineering, vulnerability detection, software security hardening, formal automatic specification, language technologies, formal semantics, and code analysis techniques. For his research work, Dr. Hanna was the recipient of the 2009 OCTAS Award from the Fédération de l'Informatique du Québec (FIQ). He has also been the recipient of the Faculty of Engineering and Computer Science Teaching Excellence Award in 1999 and the Concordia University CCSL Teaching Excellence Award in 2001. Dr. Hanna holds a Professional Engineering License and is a member of Professional Engineers Ontario (PEO).