Mitigating Vulnerabilities Beyond Their Life

October 27, 2022
3:00-4:15 pm ET
Cummings 270, Zoom
Speaker: Tiffany Bao, Arizona State University
Host: Daniel Votipka

Abstract

Security researchers have pursued automated vulnerability detection and remediation techniques to protect billions of computers worldwide. Although those techniques help to discover and patch vulnerabilities, once a vulnerability exists, the damage to the community can last beyond its patch. For example, although EternalBlue, the vulnerability of WannaCry, was wrapped up with a patch in 2017, the attacks against the vulnerability lasted until 2020. Techniques focusing on discovering or patching vulnerabilities are insufficient to stop a vulnerability from hitting the users. We need to not only find and patch vulnerabilities but also minimize their damage through a vulnerability management cycle.

This talk will introduce our recent work on mitigating vulnerabilities through and beyond their life. I will present the techniques and show how they play a role in the vulnerability management cycle. I will also discuss future directions that would proactively mitigate vulnerabilities and bring more benefits to cyberspace.

Bio:

Dr. Tiffany Bao is an Assistant Professor at Arizona State University. Her research interest is in aspects of software security, spanning binary analysis techniques, game-theoretical vulnerability mitigation strategies, qualitative study on cybersecurity operations, and vulnerability risk assessment. Dr. Bao was the winner of the NSA’s Annual Best Scientific Cybersecurity Paper Award and IEEE Security and Privacy’s Best Student Paper Award. She has served as a program committee member in top-tier cybersecurity and AI conferences. Her team has discovered and responsibly reported tens of zero-day vulnerabilities to the open-source community. She is also a member of the Order Of Overflow, the formal DEF CON CTF organizer from 2018 to 2021. Dr. Bao received her Ph.D. from Carnegie Mellon University.

Please join the meeting in Cummings 270 or via Zoom.

Join Zoom Meeting: https://tufts.zoom.us/j/96038251227

Meeting ID: 960 3825 1227

Passcode: see colloquium email

Dial by your location: +1 646 558 8656 US (New York)
