Institute of Computer Languages
Compilers and Languages Group

Talks 2009 - Bernhard Scholz

The Compilers and Languages Group invites you to a talk given by

Dr. Bernhard Scholz

The University of Sydney, NSW, Australia


Static Program Analysis for Bug and Security Vulnerability Checking of Systems Code

Date: Thursday, February 26th, 2009
Time: 15:00 (s.t.)
Location: TU Wien, Bibliothek E185.1, Argentinierstraße 8, 4. Stock (Mitte)


A security vulnerability is a software bug that can be exploited by an external attacker. Security vulnerabilities pose a major threat to operating systems and programs that are executed with higher privileges, as an attacker can gain total control over a computer system by exploiting vulnerabilities. Even in a rigid software development process, bugs are introduced that may result in severe security vulnerabilities. This is especially true for large legacy systems written in C and C++.

Manual code inspections are the predominant approach to finding security vulnerabilities. These inspections are time-consuming, repetitive and tedious. They can never be complete or time-effective, particularly in light of the large code-bases of software systems these days (thousands to millions of lines of code). Static bug checking tools that rely on sound program analyses promise a solution to this problem. However, designing and implementing precise and scalable program analyses is still a big challenge.

In this talk I will report on my work conducted at the Sun Microsystems Laboratories in 2007/08. I will give an overview of our new project, Parfait, a static, layered program analysis framework for checking bugs in C systems code. The framework is coupled with security domain knowledge to better cater for security vulnerabilities in large systems code. The framework was designed to provide better precision of bugs (fewer false positives), be scalable (produce results for millions of lines of code in a run-time efficient manner), and support security vulnerability analysis.

About Dr. Bernhard SCHOLZ:

Bernhard Scholz is a senior lecturer in Computer Science at the University of Sydney. He has previously served at the Vienna University of Technology and the University of Vienna. He has also held a visiting professorship at the University of Victoria, BC, Canada and at the Sun Microsystems Laboratories. Before pursuing an academic career, Bernhard Scholz worked in industry as a programmer and analyst at Baring Asset Management, London, UK.

Would you like to advertise this talk with a posted notice? A print-ready invitation in PDF format is available here.

Faculty of Informatics
Vienna University of Technology
Last update: 2018-05-25