Wed 13 Nov 2019 11:55 - 12:10 at South Park - Student Research Competition - Selected Presentations (Graduate) Chair(s): Jie M. Zhang, Jin L.C. Guo
Machine image sniping is a difficult-to-detect security vulnerability in cloud computing code. When programmatically initializing a machine, a developer must specify which machine image (operating system and file system) to use as the basis for the new machine. The developer should restrict the search to only those machine images which their organization controls: otherwise, an attacker can insert a similar but malicious image into the public database, where it might be selected instead of the image intended by the developer when initializing a new machine. We present a lightweight type and effect system that detects requests to a cloud provider that are vulnerable to an image sniping attack, or proves that no vulnerable request exists in a codebase. We prototyped our type system for Java programs that request Amazon Web Services machines, and evaluated it on more than 500 codebases, detecting 12 vulnerable requests with only 3 false positives.
Iām a Ph.D. student at the University of Washington Paul G. Allen School of Computer Science & Engineering. I work in the PLSE group on lightweight software verification. My advisor is Mike Ernst.
My current work is focused on building type systems on top of the Checker Framework to solve practical problems in software engineering.
Tue 12 Nov
15:20 - 16:00: Student Research Competition - Poster Session: Student Research Competition at Kensington Ballroom | ||||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Shuyao JiangFudan University | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Ali GhanbariThe University of Texas at Dallas | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Shao YangCase Western Reserve University | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Krishna NeupaneRochester Institute of Technology | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Kevin ZhangWayne State University | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Bolin WeiPeking University | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Rashmi MudduluruUniversity of Washington, Seattle | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Krishna Murthy Kattiyan RamamoorthySan Diego State University | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Li YuNanjing University | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Gargi BalasubramaniamBirla Institute of Technology and Science, Pilani, K K Birla Goa Campus | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Daye NamCarnegie Mellon University | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Martin KelloggUniversity of Washington, Seattle | |||||||||||||||||||||||||||||||||||||||||
| 15:20 - 16:00 | Shengcheng YuNanjing University, China File Attached | |||||||||||||||||||||||||||||||||||||||||
Wed 13 Nov
10:40 - 12:20: Student Research Competition - Student Research Competition - Selected Presentations (Graduate) at South Park Chair(s): Jie M. ZhangUniversity College London, UK, Jin L.C. GuoMcGill University | ||||||||||||||||||||||||||||||||||||||||||
| 10:40 - 10:55 | Ali GhanbariThe University of Texas at Dallas | |||||||||||||||||||||||||||||||||||||||||
| 10:55 - 11:10 | Rashmi MudduluruUniversity of Washington, Seattle | |||||||||||||||||||||||||||||||||||||||||
| 11:10 - 11:25 | Shao YangCase Western Reserve University | |||||||||||||||||||||||||||||||||||||||||
| 11:25 - 11:40 | Krishna Murthy Kattiyan RamamoorthySan Diego State University | |||||||||||||||||||||||||||||||||||||||||
| 11:40 - 11:55 | Daye NamCarnegie Mellon University | |||||||||||||||||||||||||||||||||||||||||
| 11:55 - 12:10 | Martin KelloggUniversity of Washington, Seattle | |||||||||||||||||||||||||||||||||||||||||
