ECE Colloquium: Create the Fully Autonomous World for Software Security

Tuesday, March 13, 2018 - 12:00pm to 1:00pm


Tiffany Bao, PhD candidate in Electrical and Computer Engineering at Carnegie Mellon University

To protect the billions of computers running countless programs, security researchers have pursued automated vulnerability detection and remediation techniques, attempting to scale such analyses beyond the limitations of human hackers. However, although techniques will mitigate, or even eliminate, the bottleneck that human effort represented in these areas, the human bottleneck remains in the higher-level strategy of what to do with automatically identified vulnerabilities, automatically created exploits, and automatically generated patches. There are many choices to make regarding the specificities of such a strategy, and these choices have real implications beyond cyber-security exercises. For example, individuals make decisions on whether to patch the Spectre vulnerability given the fact that the patch affects the performance in some workloads, and nations make decisions on whether to disclose new software vulnerabilities (zero-day vulnerabilities) or to exploit them for gain. In this talk, I will introduce my work on cyber autonomy. Cyber autonomy is a new computer security research area, aiming to secure programs without human intervention, from discovering vulnerabilities and making decisions to executing decisions. While the first generation of the implemented systems has shown the potential for cyber autonomy, they are still simplistic for practical use. I will delve into the challenges in cyber autonomy and the issue of the strategy-techniques gap, explore solutions