Invited Lecture Series:
Methods and Tools for Improving Systems Software Security

Speaker: Jinpeng Wei
When: Thursday, Feb. 26, 2009
Time: 2:00pm
Where: ECS 243

Abstract:
Recent development of large botnets and the proliferation of malware remind us of the severity of systems software security. Today's systems software contains numerous vulnerabilities that can be exploited by an attacker. For example, Secunia reports 15 to 20 new vulnerabilities every day and more than 9,000 in 2006, an unpatched Windows XP can be compromised in 6 minutes, 22,000 new malware samples were detected every day during 2008, and the largest botnet to date contains 9 million nodes. Apparently, attacks on systems software always exist and often succeed. My research is on several facets of tools and methods that can improve the resilience of systems software to attacks, including prevention, detection, and mitigation.
In this talk, I will first present my research on preventing attacks by eliminating vulnerabilities. Specifically, I am going to discuss my solution to the TOCTTOU (time-of-check-to-time-of-use) problem, a race condition vulnerability in Unix-style file systems and a wide range of applications. I will talk about the modeling, detection, attack analysis, and prevention of TOCTTOU vulnerabilities. Then I will present my research in the mitigation of attacks, specifically how I countered transient kernel control flow attacks leveraging soft timers. I will describe the STIR Analyzer, an automated static analysis tool for the entire Linux kernel, and the STIR Checker, a run-time reference monitor that uses a virtualization-based architecture. I will finish the talk with a discussion of future research directions.
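The TOCTTOU race the abstract refers to is easiest to see in code. The following C program is an added illustration for this announcement, not code from the speaker or from the talk: it contrasts a check-then-use on a pathname (lstat followed by open) with the fd-based fix (open with O_NOFOLLOW, then fstat on the descriptor that was actually obtained). The attacker is modelled as a callback that wins the race by swapping the checked file for a symlink; the sandbox directory under /tmp, the "victim"/"secret" file names and their contents are all constructed for the example.

```c
/* Added example (not from the talk): a pathname TOCTTOU race and its fd-based fix.
 * The /tmp sandbox, file names and contents below are constructed test fixtures. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Stands in for an attacker who acts inside the check-to-use window. */
typedef void (*race_hook)(const char *path, void *ctx);

/* VULNERABLE: the check (lstat on the NAME) and the use (open on the NAME)
 * resolve the pathname twice; anything can happen in between. */
int open_checked_vulnerable(const char *path, race_hook attacker, void *ctx)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid())
        return -1;                               /* check passes on the original file */
    if (attacker) attacker(path, ctx);           /* the race window */
    return open(path, O_RDONLY);                 /* use: follows whatever is there now */
}

/* HARDENED: open once, refuse to follow a symlink, then check the object we
 * actually hold via fstat. Check and use refer to the same inode. */
int open_checked_safe(const char *path, race_hook attacker, void *ctx)
{
    struct stat st;
    if (attacker) attacker(path, ctx);           /* attacker may swap at any time... */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                       /* ...a symlink now fails with ELOOP */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);                               /* wrong type or owner: reject */
        return -1;
    }
    return fd;
}

/* Attacker: replace the checked path with a symlink to the target in ctx. */
static void attacker_swap_symlink(const char *path, void *ctx)
{
    unlink(path);
    symlink((const char *)ctx, path);
}

/* Constructed fixture: a scratch directory holding a harmless file and a "secret". */
struct sandbox { char dir[64]; char victim[96]; char secret[96]; };

static int sandbox_create(struct sandbox *sb)
{
    strcpy(sb->dir, "/tmp/tocttou-XXXXXX");
    if (!mkdtemp(sb->dir)) return -1;
    snprintf(sb->victim, sizeof sb->victim, "%s/victim", sb->dir);
    snprintf(sb->secret, sizeof sb->secret, "%s/secret", sb->dir);
    FILE *f = fopen(sb->victim, "w");
    if (!f) return -1;
    fputs("harmless\n", f);
    fclose(f);
    f = fopen(sb->secret, "w");
    if (!f) return -1;
    fputs("SECRET\n", f);
    fclose(f);
    return 0;
}

static void sandbox_destroy(struct sandbox *sb)
{
    unlink(sb->victim);   /* removes the symlink, not its target */
    unlink(sb->secret);
    rmdir(sb->dir);
}

/* Reads the opened descriptor, closes it, and compares against expected text. */
static int fd_reads(int fd, const char *expected)
{
    char buf[64] = {0};
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n > 0 && strcmp(buf, expected) == 0;
}

/* 1 if the vulnerable routine hands back the attacker's target, -1 on setup error. */
int vulnerable_leaks_secret(void)
{
    struct sandbox sb;
    if (sandbox_create(&sb) != 0) return -1;
    int fd = open_checked_vulnerable(sb.victim, attacker_swap_symlink, sb.secret);
    int leaked = fd >= 0 && fd_reads(fd, "SECRET\n");
    sandbox_destroy(&sb);
    return leaked;
}

/* 1 if the hardened routine refuses the swapped-in symlink. */
int hardened_rejects_symlink(void)
{
    struct sandbox sb;
    if (sandbox_create(&sb) != 0) return -1;
    int fd = open_checked_safe(sb.victim, attacker_swap_symlink, sb.secret);
    if (fd >= 0) close(fd);
    sandbox_destroy(&sb);
    return fd < 0;
}

/* 1 if the hardened routine still opens an untouched regular file normally. */
int hardened_opens_regular_file(void)
{
    struct sandbox sb;
    if (sandbox_create(&sb) != 0) return -1;
    int fd = open_checked_safe(sb.victim, NULL, NULL);
    int ok = fd >= 0 && fd_reads(fd, "harmless\n");
    sandbox_destroy(&sb);
    return ok;
}

int main(void)
{
    printf("vulnerable open leaks secret:   %d\n", vulnerable_leaks_secret());
    printf("hardened open rejects symlink:  %d\n", hardened_rejects_symlink());
    printf("hardened open keeps normal use: %d\n", hardened_opens_regular_file());
    return 0;
}
```

The fix works because every decision in open_checked_safe is made about the file descriptor, which is bound to one inode, rather than about a name that the attacker controls. O_NOFOLLOW closes the symlink variant of the race; the fstat check on type and owner covers the case where the attacker replaces the file itself rather than linking to another one. In a real setuid program the same idea extends to using openat relative to a directory descriptor instead of absolute paths.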
Biography:
Jinpeng Wei received his bachelor's and master's degrees in Computer Science from Wuhan University in Hubei, China, in 1995 and 1998, respectively. He is working on his Ph.D. in Computer Science under the supervision of Dr. Calton Pu in the College of Computing at the Georgia Institute of Technology. His research interests include malware detection, runtime integrity modeling of operating systems, information flow security in distributed systems, and software vulnerability modeling, detection, risk assessment, and prevention. Jinpeng has published eight conference or journal papers and two books, and he is a student member of the IEEE and the ACM.