Sun 23 Jun 2019 16:30 - 17:00 at 212B - Session IV Chair(s): Neville Grech

Reports about major security flaws and data breaches in both open-source and proprietary software have become almost a daily fixture. Last year alone, more than 16000 CVEs were assigned, or almost two CVEs per hour. Unfortunately, security vulnerabilities are notoriously hard to test for, they are tricky to find with general static analysis, and even the most attentive code reviewer is bound to miss many of them.

Based on the observation that many newly discovered security flaws are similar to known vulnerabilities, variant analysis has been proposed as one way out of this dilemma. Using known vulnerabilities as “seeds”, security researchers can systematically search for variants that represent potential vulnerabilities and ensure these threats are fixed properly across multiple code bases.

But doing variant analysis by hand or by textual search is time-consuming, tedious and error-prone. Instead, we propose to use Semmle’s QL language, an object-oriented dialect of Datalog with powerful support for program analysis, to codify the problematic patterns underlying a known vulnerability as a query, and then use that query to identify variants. I will give a general overview of this approach, and demonstrate a concrete example of variant analysis with QL on an open-source code base.
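As an added illustration of the approach described above (example code written for this page, not the talk's own demo and not Semmle's or GitHub's shipped queries): a CodeQL query for JavaScript that codifies one pattern, remote input reaching eval or the Function constructor, as a taint-tracking configuration, so that every variant of the pattern in a code base is reported rather than only the seed occurrence. It assumes the 2019-era JavaScript CodeQL library API (TaintTracking::Configuration, RemoteFlowSource, DataFlow::PathGraph); the query id is a placeholder.

```ql
/**
 * @name Remote input reaching dynamic code evaluation
 * @description Variant query: generalises a single known eval injection
 *              to every path from a remote source to eval or Function.
 * @kind path-problem
 * @problem.severity error
 * @id js/example-eval-variant
 */

import javascript
import DataFlow::PathGraph

/** Sinks: the code string handed to eval() or to the Function constructor. */
class DynamicEvalSink extends DataFlow::Node {
  DynamicEvalSink() {
    this = DataFlow::globalVarRef("eval").getACall().getArgument(0) or
    this = DataFlow::globalVarRef("Function").getAnInvocation().getAnArgument()
  }
}

/** Taint configuration: remote input (HTTP parameters, bodies, headers) flowing to a sink. */
class EvalInjectionConfig extends TaintTracking::Configuration {
  EvalInjectionConfig() { this = "EvalInjectionConfig" }

  override predicate isSource(DataFlow::Node source) {
    source instanceof RemoteFlowSource
  }

  override predicate isSink(DataFlow::Node sink) { sink instanceof DynamicEvalSink }
}

// Report each source-to-sink path; the seed bug is one of these, the variants are the rest.
from EvalInjectionConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
  "Remote input from $@ is evaluated as code.", source.getNode(), "here"
```

Run against a CodeQL database of the target project, the query lists every flow path, so a fix can be checked for completeness by re-running it rather than by searching for the original string.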

I am a principal software engineer at GitHub, where I mostly work on static analysis for Go and JavaScript in CodeQL. This continues the work I did at Semmle before it was acquired by GitHub.

Previously, I was an assistant professor at the School of Computer Engineering of Nanyang Technological University, Singapore; a post-doctoral researcher at IBM T.J. Watson Research Center, New York; and a PhD student at the Department of Computer Science at Oxford University.

Sun 23 Jun

Displayed time zone: Tijuana, Baja California

16:00 - 17:00
Session IV (DPA) at 212B
Chair(s): Neville Grech, University of Athens
Precise Program Reasoning using Probabilistic Methods
Mukund Raghothaman, University of Pennsylvania, USA
Variant analysis with QL