Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.


WATCH – Reflections on Decades of Defending Imperfect Software

July 14th, 2014 / in Announcements, NSF, Research News / by Helen Wright

The next WATCH Talk is scheduled for July 17 at noon EDT. Crispin Cowan will reflect on decades of defending imperfect software. Dr. Cowan works for Microsoft adding security to existing operating systems, including the recent Windows 8.1 release. He is especially interested in usable security and effective sandboxing. 

Abstract: 

“Perfect” (bug-free) software is impractically expensive and slow to produce, and so the vast bulk of consumer and enterprise software products are shipped when they are “good enough” but far from bug-free. As a consequence, there has been a constant struggle to keep attackers from exploiting these chronically inevitable bugs. Much of that attention has been on memory corruption attacks against type-unsafe C/C++ programs, but in recent years has expanded to the web, where most development is done in dynamically typed scripting languages. This talk will review the evolution of increasingly sophisticated memory corruption defenses followed by attackers discovering how to bypass them, and how the mitigations have caused attackers to choose to exploit other, non-memory-corruption threats, and some surprising similarities between the memory corruption issue and the scripting issues.

The talk will be webcast; you can register here.
