[CSENews] [Fwd: CSE Colloquium Friday, February 20: Michael Zhivich]

Fri Feb 13 09:10:59 EST 2009

If you interested, feel free to attend.

-------- Original Message --------
Subject: 	CSE Colloquium Friday, February 20: Michael Zhivich
Date: 	Fri, 13 Feb 2009 09:00:16 -0500
From: 	glasskim <glasskim at cse.msu.edu>
To: 	eng_all at egr.msu.edu

  Improving Software Security and Robustness Using Automated Testing 

    Spring 2009 CSE Colloquium Series <http://www.cse.msu.edu/?Pg=143&Col=2>

*Michael Zhivich*

Technical Staff Member
MIT Lincoln Laboratory

Friday, February 20
11:00 AM - 12:00 PM
3105 Engineering Building 
<http://www.maps.msu.edu/interactive/index.php?location=eb>

Host: Alex Liu <http://www.cse.msu.edu/%7Ealexliu/>

      Abstract

The complexity of software required to operate modern real-time embedded 
systems (used in satellites and critical infrastructure control) makes 
it prone to programming errors. Software developers perform rigorous 
functionality tests to reduce errors; nevertheless, serious problems 
such as memory corruption and resource leaks may remain in software 
operating critical systems. These errors in turn create vulnerabilities 
that, if exploited, can affect the availability, reliability, and 
integrity of operations and thus degrade the system's overall robustness.

This talk will discuss automated testing and analysis tools that can 
help developers discover and redress these kinds of vulnerabilities 
before software is put in operation. The focus of the talk will be on 
MIT Lincoln Laboratory's DEADBOLT tool that automatically discovers 
memory corruption problems, resulting not only in more robust and secure 
software, but in lowered development and maintenance costs for both 
software developers and users.

      Biography

Mr. Michael Zhivich is a member of the technical staff in the 
Information Systems Technology Group at MIT Lincoln Laboratory, where he 
conducts research and development in the area of program analysis and 
testing aimed at discovering security vulnerabilities. His recent work 
includes a study evaluating the effectiveness and performance of 
existing dynamic buffer overflow detection tools and design and 
implementation of an adaptive testing system for automated buffer 
overflow detection.

In his current work, Mr. Zhivich is developing automated software 
testing tools aimed at enabling software developers to create more 
secure and robust applications. The current effort focuses on critical 
infrastructure protection (in particular, SCADA and process control 
systems) and the challenges posed by creating software for real-time 
embedded environments with limited resources. In addition to software 
testing and program analysis, Mr. Zhivich's interests include 
cryptography, usability and economic implications of security.

Mr. Zhivich holds S.B. and M.Eng. degrees in Computer Science and 
Electrical Engineering from Massachusetts Institute of Technology.

-- 
Teresa Isela VanderSloot
Academic Advisor

Computer Science and Engineering
Michigan State University
3201 Engineering Building
East Lansing, MI 48824

Phone: (517) 353-5455 
Fax:   (517) 432-1061

iselava1 at cse.msu.edu