Securing Networks by Detecting Logical Flaws in Protocol Implementations
Dr. Endadul Hoque
Postdoctoral Research Associate, Northeastern University
12:00pm Wednesday, 22 February 2017, ITE 325b, UMBC
Implementations of network protocols are integral components of various networked computing systems, spanning from Internet-of-Things (IoT) to enormous data centers. Research efforts to defend these implementations by introducing new designs for security and advocating best practices in secure programming are not always feasible, nor effective. Even rigorous analysis of the design of a protocol is not sufficient, as indicated by the frequent reports of bugs discovered in protocol implementations after deployment. Hence, it is crucial to develop automated techniques and tools to help programmers detect logical flaws in actual implementations of protocols.
In this talk, I will first present an automated compliance checker to analyze operational behavior of a protocol implementation for detecting semantic bugs, which cause the implementation fail to comply with its specifications. Next, I will present an automated testing tool to analyze robustness of a protocol implementation against malicious attacks mounted to degrade its runtime performance (e.g., throughput). Finally, I will conclude with several directions for future research to aid the development of secure networked systems.
Endadul Hoque is a Postdoctoral Research Associate in the College of Computer and Information Science at Northeastern University. He received his PhD in Computer Science from Purdue University in 2015. His research revolves around practical cybersecurity problems in the networking domain. His current research focuses on leveraging program analysis and formal verification techniques to create automated analysis tools for ensuring secure and reliable operations of networked systems. During his PhD, he received the Graduate Teaching Fellowship award in 2014 and the Bilsland Dissertation Fellowship award in 2015. His research on automated adversarial testing has also been integrated into course curriculum at Purdue University for teaching secure distributed systems programming.