Securing Low-level Software Gradually
Speaker
Jie Zhou, University of Rochester
Time
2024-05-22 14:30:00 ~ 2024-05-22 16:00:00
Location
上海交通大学软件大楼专家楼1319会议室
Host
冯宇
Abstract
The security of low-level systems software, such as web servers and operating systems, plays a foundational role in providing stable and trustworthy daily services in our modern digital world. However, the use of unsafe programming languages and lack of security principles in low-level software result in severe security issues, leading to catastrophic consequences such as widespread information leaking and data corruption.
In this talk, I will show how to fundamentally improve the security of low-level software with a gradual methodology. I will talk about enhancing the C programming language to fully prevent temporal memory safety bugs—which are among the most dangerous software vulnerabilities today. I will also present an efficient memory isolation technique and its application to protect security-critical data for embedded systems. In addition, I will briefly talk about my current work on improving the Rust programming language and my research vision regarding safe languages and compilers.
Bio
Jie Zhou is currently a postdoctoral researcher in the Department of Computer Science at the University of Rochester, where he also obtained his PhD. He will be joining the Department of Computer Science at the George Washington University as an assistant professor in Fall 2024. He works on systems and software security, with a focus on employing language-based, compiler-aided, and program analysis techniques to tackle computer vulnerabilities. He is broadly interested in computer systems and has published in venues across security, programming languages, and systems. During his PhD, he interned twice at Microsoft Research which also supported his work on improving the C programming language.