Abstract
Along with software development, system reliability and robustness have become major concerns. However, due to complex program semantics, efficiently detecting vulnerabilities remains challenging. This talk introduces a new perspective, search-space guided analysis with adapted memory organization, to significantly improve the performance of vulnerability detection. Unlike existing efforts that focus solely on the code itself, our approach integrates abstraction with runtime memory as both an oracle and a guide for better vulnerability detection. The related work has received the ASPLOS Best Paper award and the Google Research Paper award. The artifact has also been successfully integrated into the most widely used compiler infrastructure, LLVM.
About the speaker
Heqing Huang is an assistant professor in the Department of Computer Science at City University of Hong Kong. His research focuses on software security, especially on leveraging program analysis techniques to rigorously ensure software security. Specifically, his research uses static and dynamic program analysis techniques as complements to address deficiencies in existing vulnerability detection methods, such as fuzzing, symbolic analysis, and memory sanitization. He also aims to demonstrate the practicality of these general research methods in specific application scenarios, e.g., Android and Linux kernels. His research has received the ASPLOS Best Paper and Google Research Paper awards. He also served on the CCS program committee and as a reviewer for TDSC, TOSEM, and TSE.
