
More fixes

master
Nicolas Hafner 2 years ago
parent
commit
736c5f2776
Signed by: shinmera GPG Key ID: E12B14478BE4C922
2 changed files with 47 additions and 12 deletions
  1. BIN
      presentation.pdf
  2. +47
    -12
      presentation.tex

BIN
presentation.pdf


+ 47
- 12
presentation.tex

@ -3,6 +3,7 @@
\usepackage{color}
\usepackage{minted}
\usepackage{etoolbox}
\usepackage{amsmath}
%% These fonts are non-free.
%% Comment out the lines if you don't have them.
@ -54,28 +55,29 @@
\begin{center}
\vspace{1cm}
{\LARGE Inferring Crypto API Rules \\ from Code Changes}\\
\vspace{0.5cm}
{ ETH Software Engineering Seminar 2018 }
% FIXME: names
{\small Rumen Paletov, Petar Tsankov, Veselin Raychev, Martin Vechev} \\
\vspace{2cm}
{ Presented by Nicolas Hafner} \\
\vspace{0.1cm}
{\small ETH Software Engineering Seminar 2018 }
\end{center}
\end{frame}
\begin{frame}
\title{The Problem}
\begin{itemize}
\item Security APIs are difficult to use
\item Security APIs are difficult to use correctly
\item The APIs change and evolve
\item Old techniques become vulnerable
% FIXME: improvements on tools
% current tools not suitable
\item Not many tools available for automated audits
\end{itemize}
\end{frame}
% FIXME: challenges
\begin{frame}
\title{The Paper's Approach}
\title{The Paper's Idea}
\begin{itemize}
\item Automate audits and automate rule generation!
\vspace{1cm}
\item Observe code changes in many projects
\item Look at changes in Security API uses
\item Derive security advisory rules from changes
@ -83,6 +85,15 @@
\end{itemize}
\end{frame}
\begin{frame}
\title{Challenges}
\begin{itemize}
\item Extracting information from source is difficult
\item Building or running projects not feasible
\item Rules might become too general or too specific
\end{itemize}
\end{frame}
\begin{frame}
\title{Technique Overview}
\vspace{1cm}
@ -91,7 +102,11 @@
}
\end{frame}
% FIXME: static analysis overview
\begin{frame}
\title{Static Analysis}
% FIXME: static analysis overview
\end{frame}
\begin{frame}[fragile]
\title{Static Analysis}
@ -169,7 +184,19 @@ class AESCipher{
% FIXME: add note for derived rule
\end{frame}
% FIXME: rule application
\begin{frame}
\title{Rules}
\vspace{1cm}
\makebox[\linewidth][c]{
$ \mathbf{Cipher}: \mathrm{getInstance}(X) \;\land\; (X=\mathrm{AES} \;\lor\; X=\mathrm{AES/ECB}) $
}
\begin{itemize}
\item Rule set over methods and states
\item To apply, perform static analysis on code and match logic formula on resulting DAG
\item Final rule derivation manually performed
\item Automated derivation possible, but out of scope for the paper
\end{itemize}
\end{frame}
\begin{frame}
\title{Data Set}
@ -258,7 +285,15 @@ class AESCipher{
\end{itemize}
\end{frame}
% FIXME: opinion
\begin{frame}
\title{Thoughts}
\begin{itemize}
\item Paper does not discuss any future work
\item Static analysis uses very simple grammar
\item Maybe useful to ease other API migrations
\item How to deal with languages unlike Java
\end{itemize}
\end{frame}
\begin{frame}
\title{Conclusion}

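Review bot: Every frame heading added in this file (`\title{The Problem}`, `\title{The Paper's Idea}`, `\title{Challenges}`, `\title{Static Analysis}`, `\title{Rules}`, `\title{Thoughts}`, `\title{Conclusion}`) is set with `\title`, which inside a beamer frame only overrides the document title used by `\titlepage` and prints nothing on the frame itself; unless the preamble, which lies outside these hunks, redefines `\title`, each should read `\frametitle{...}`, e.g. `\frametitle{Rules}`. The same applies to the `\title{Data Set}` and `\title{Static Analysis}` lines in the earlier hunks. Separately, the rule on the Rules frame, `\mathbf{Cipher}: \mathrm{getInstance}(X) \land (X=\mathrm{AES} \lor X=\mathrm{AES/ECB})`, is shown without saying why the bare `AES` transformation is matched alongside `AES/ECB`; since the Java JCE resolves a plain `AES` request to ECB mode, an item such as `\item Bare \texttt{AES} selects ECB mode by default, hence both forms are matched` would make the derived rule self-explanatory, which appears to be what the `% FIXME: add note for derived rule` at the top of that hunk asks for.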