Wed 13 Nov 2019 11:55 - 12:10 at South Park - Student Research Competition - Selected Presentations (Graduate) Chair(s): Jie M. Zhang, Jin L.C. Guo
Machine image sniping is a difficult-to-detect security vulnerability in cloud computing code. When programmatically initializing a machine, a developer must specify which machine image (operating system and file system) to use as the basis for the new machine. The developer should restrict the search to only those machine images which their organization controls: otherwise, an attacker can insert a similar but malicious image into the public database, where it might be selected instead of the image intended by the developer when initializing a new machine. We present a lightweight type and effect system that detects requests to a cloud provider that are vulnerable to an image sniping attack, or proves that no vulnerable request exists in a codebase. We prototyped our type system for Java programs that request Amazon Web Services machines, and evaluated it on more than 500 codebases, detecting 12 vulnerable requests with only 3 false positives.
Iām a Ph.D. student at the University of Washington Paul G. Allen School of Computer Science & Engineering. I work in the PLSE group on lightweight software verification. My advisor is Mike Ernst.
My current work is focused on building type systems on top of the Checker Framework to solve practical problems in software engineering.
Tue 12 Nov Times are displayed in time zone: Tijuana, Baja California change
Wed 13 Nov Times are displayed in time zone: Tijuana, Baja California change
10:40 - 12:20: Student Research Competition - Selected Presentations (Graduate)Student Research Competition at South Park Chair(s): Jie M. ZhangUniversity College London, UK, Jin L.C. GuoMcGill University | |||
10:40 - 10:55 | Toward Practical Automatic Program Repair Student Research Competition Ali GhanbariThe University of Texas at Dallas | ||
10:55 - 11:10 | Verifying Determinism in Sequential Programs Student Research Competition Rashmi MudduluruUniversity of Washington, Seattle | ||
11:10 - 11:25 | An Image-inspired and CNN-based Android Malware Detection Approach Student Research Competition Shao YangCase Western Reserve University | ||
11:25 - 11:40 | User Preference Aware Multimedia Pricing Model using Game Theory and Prospect Theory for Wireless Communications Student Research Competition Krishna Murthy Kattiyan RamamoorthySan Diego State University | ||
11:40 - 11:55 | API Design Implications of Boilerplate Client Code Student Research Competition Daye NamCarnegie Mellon University | ||
11:55 - 12:10 | Compile-time detection of machine image sniping Student Research Competition Martin KelloggUniversity of Washington, Seattle |