Automated Detection of Specification Bugs in Network Protocol Implementations

Home / Lectures / Faculty Lecture Series / Automated Detection of Specification Bugs in Network Protocol Implementations

Endadul Hoque

School of Computing and Information Sciences

---

Lecture Information:

• November 17, 2017
• 2:30 PM
• ECS 241

Speaker Bio

Endadul Hoque is an Assistant Professor in the School of Computing and Information Sciences at Florida International University. He received his Ph.D. in Computer Science from Purdue University in 2015. During 2016, he was a Postdoctoral Research Associate in the College of Computer and Information Science at Northeastern University. His research interests lie at the intersection of networked systems and security, where the overarching goal is to aid the development of secure networked systems. His current projects are focused on creating automated analysis tools to discover bugs/vulnerabilities in implementations of networked systems, including real-world implementations of network protocols and IoT systems. During his PhD, he received the Bilsland Dissertation Fellowship award in 2015 and the Graduate Teaching Fellowship award in 2014 from Purdue University. His research work has been published in top security and networking conferences (e.g., S&P, NDSS) and journals (e.g., ToN).

Description

Network protocols are notorious for their complexity. Implementing these protocols correctly is crucial to the success of secure communication. However, time and again, a plethora of security bugs has been discovered in these implementations. At one hand, some of these bugs (e.g., OpenSSL Heartbleed) violate the well-defined programming language standards (e.g., overflowing buffer), thereby making them defensible by implementation-agnostic solutions (e.g., memory error detection/protection mechanisms). On the other hand, some bugs (e.g., Apple’s goto fail) respect the programming language standards but violate the high-level protocol specifications. In this talk, I will present two automated noncompliance detection tools (CHIRON and SymCerts). CHIRON is designed for stateful network protocol implementations to detect specification bugs that violate some operational behavior of the protocol. SymCerts is designed for finding specification bugs in implementations of X.509 digital certificate validation logic (a crucial step in achieving communication security over the Internet) available in all major SSL/TLS libraries.

Categories

Academics Accomplishments Alumni Annoucement Campus Life Career development Clubs & organizations Community Course Highlight Education Explore Faculty Award Faculty Highlight Grants & Scholarships In The News News Research Student Highlight Workshops & webinars

Recent Posts

• Come Join TechTogether Miami, One of the first large gender-focused hackathons in Florida!
• Professor Hadi Amini represents KFSCIS at World Happiness Fest 2023
• Congratulations to WiCyS at FIU for winning the Student Chapter Leadership Award
• The Women in Tech Conference (WiTCON) at Florida International University generates overwhelming enthusiasm in the FIU community
• FIU hosts the InterCollegiate Programming Competition

Helpful Links

• Academics
  • Degree Programs
    • Bachelor’s Degrees
    • Graduate Programs
    • Accelerated Degrees
    • Master’s Degrees
    • Doctoral Degrees
• Advising
  • Advising Staff
  • Computer Science FAQ
  • Cybersecurity FAQ
  • Information Technology FAQ
  • Transfer Orientation Advising Sheet
  • Course Catalog
  • Academic Calendar
  • Tour
  • Other