We have just put online information about our two keynote presentations at ESSoS by Karsten Nohl and David Basin. Karsten Nohl will ask the question How much security is too much?, citing some lessons learned from introducing security into a new, large telecommunications startup, while David Basin will elaborate on the quirks of Security Testing and what it actually all means. I am looking forward to two exciting presentations!
We’re happy to announce that our paper “Analyzing the Gadgets – Towards a Metric to Measure Gadget Quality” has been accepted at ESSoS 2016. In this paper we present four metrics that allow assessing the usefulness of a set of gadgets (short fragments of assembly, which are the cornerstone of ROP exploits). We applied our metrics to binaries compiled with MPX, a new exploit mitigation technique by Intel, that, among other things, transforms binaries to check for buffer overflows. This transformation introduces additional gadgets and, using GaLity, we show, that such a binary contains more gadgets useful in ROP attacks than the same binary compiled without MPX.
GaLity also received the artifact evaluation award.
As of today, I have joined the editorial board of the IEEE Transactions on Software Engineering (TSE) as an associate editor. I am looking forward to receiving your very best submissions!
I am glad to report that I have just been appointed Program Chair of the 2018 International Symposium of Software Testing and Analysis (ISSTA). ISSTA is the leading research symposium on software testing and analysis, bringing together academics, industrial researchers, and practitioners to exchange new ideas, problems, and experience on how to analyze and test software systems. I wish to thank the organizing chair Frank Tip as well as the entire steering committee for this great honor.
ISSTA 2018 will be co-located with the European Conference on Object-Oriented Programming (ECOOP), in beautiful Amsterdam, Netherlands. Let’s make it a great event!