• Speaker: Daniela Oliveira (Bowdoin)
  • Date: November 9th, 2012 (Friday)
  • Room: CIT 345
  • Title: "Holographic Vulnerability Studies: Vulnerabilities as Fractures in Interpretation as Information Flows Across Abstraction Boundaries"
  • Abstract:
We have been patching vulnerabilities for almost forty years. First it was time-of-check-to-time-of-use, then buffer overflows, then SQL injection, then cross-site scripting. Vulnerability studies are supposed to accomplish two main goals: to classify vulnerabilities into general classes so that unknown vulnerabilities of that class can be discovered in a proactive way, and to enable us to understand the fundamental nature of vulnerabilities so that when we build new systems we know how to make them secure. So why are we always patching our systems against specific instances of whatever the latest new, hot, trendy vulnerability type is? In this talk I will discuss a new paradigm for vulnerability studies: viewing vulnerabilities as fractures in the interpretation of information as the information flows across the boundaries of different abstractions. Categorizing vulnerabilities based on this view, as opposed to the types of categories that have been used in past vulnerability studies, makes vulnerability types more easily generalizable and avoids problems where vulnerabilities could be put in multiple categories.

Daniela Oliveira received her BS and MS degree in Computer Science from the Federal University of Minas Gerais in Brazil in 1999 and 2001, respectively. After working as a software engineer for three years, she started her PhD program at the Department of Computer Science at the University of California, Davis. In June 2010, she received her PhD in Computer Science from the University of California at Davis, where she specializes in computer security and operating systems. Her current research focuses on employing virtual machine and operating systems collaboration to protect OS kernels and understanding software vulnerabilities. She is also interested in leveraging social trust to help distinguishing benign and malicious pieces of data. She is the recipient of the NSF CAREER Award 2012.