Wed 13 Nov 2019 11:55 - 12:10 at South Park - Student Research Competition - Selected Presentations (Graduate) Chair(s): Jie M. Zhang, Jin L.C. Guo
Machine image sniping is a difficult-to-detect security vulnerability in cloud computing code. When programmatically initializing a machine, a developer must specify which machine image (operating system and file system) to use as the basis for the new machine. The developer should restrict the search to only those machine images which their organization controls: otherwise, an attacker can insert a similar but malicious image into the public database, where it might be selected instead of the image intended by the developer when initializing a new machine. We present a lightweight type and effect system that detects requests to a cloud provider that are vulnerable to an image sniping attack, or proves that no vulnerable request exists in a codebase. We prototyped our type system for Java programs that request Amazon Web Services machines, and evaluated it on more than 500 codebases, detecting 12 vulnerable requests with only 3 false positives.
I’m a Ph.D. student at the University of Washington Paul G. Allen School of Computer Science & Engineering. I work in the PLSE group on lightweight software verification. My advisor is Mike Ernst.
My current work is focused on building type systems on top of the Checker Framework to solve practical problems in software engineering.
Tue 12 Nov
Wed 13 Nov
10:40 - 12:20: Student Research Competition - Student Research Competition - Selected Presentations (Graduate) at South Park Chair(s): Jie M. ZhangUniversity College London, UK, Jin L.C. GuoMcGill University | ||||||||||||||||||||||||||||||||||||||||||
10:40 - 10:55 | Toward Practical Automatic Program Repair Ali GhanbariThe University of Texas at Dallas | |||||||||||||||||||||||||||||||||||||||||
10:55 - 11:10 | Verifying Determinism in Sequential Programs Rashmi MudduluruUniversity of Washington, Seattle | |||||||||||||||||||||||||||||||||||||||||
11:10 - 11:25 | An Image-inspired and CNN-based Android Malware Detection Approach Shao YangCase Western Reserve University | |||||||||||||||||||||||||||||||||||||||||
11:25 - 11:40 | User Preference Aware Multimedia Pricing Model using Game Theory and Prospect Theory for Wireless Communications Krishna Murthy Kattiyan RamamoorthySan Diego State University | |||||||||||||||||||||||||||||||||||||||||
11:40 - 11:55 | API Design Implications of Boilerplate Client Code Daye NamCarnegie Mellon University | |||||||||||||||||||||||||||||||||||||||||
11:55 - 12:10 | Compile-time detection of machine image sniping Martin KelloggUniversity of Washington, Seattle |