SISL lands Distinguished Paper Award at the 27th USENIX Security Symposium

­

A research team from Professor V.N. Venkatakrishnan’s Systems & Internet Security Lab (SISL) including PhD student Abeer Alhuzali, Rigel Gjomemo, PhD, and Birhanu Eshete, PhD, were honored with a Distinguished Paper award at the 27th USENIX Security Symposium held in Baltimore, MD from August 15-17th. Their paper was one of five receiving the honor.

“USENIX Security is the most prestigious venue in security for practical systems work, and this  award is quite prestigious in the security community,” said Venkatakrishnan.

ABSTRACT

Modern multi-tier web applications are composed of several dynamic features, which make their vulnerability analysis challenging from a purely static analysis perspective. We describe an approach that overcomes the challenges posed by the dynamic nature of web applications. Our approach combines dynamic analysis that is guided by static analysis techniques in order to automatically identify vulnerabilities and build working exploits. Our approach is implemented and evaluated in NAVEX, a tool that can scale the process of automatic vulnerability analysis and exploit generation to large applications and to multiple classes of vulnerabilities. In our experiments,
we were able to use NAVEX over a codebase of 3.2 million lines of PHP code, and construct 204 exploits in the code that was analyzed.