Institute of Computer Languages
Compilers and Languages Group
|Datum:||Montag, den 14. Oktober 2013|
|Zeit:||14:00 Uhr c.t. *)|
|Ort:||TU Wien, Seminarraum Argentinierstraße 8, Erdgeschoss (Eingang Paniglgasse)|
|*) Tee:||13:30 Uhr in der Bibliothek E185.1, Argentinierstraße 8, 4. Stock (Mitte)|
Recently, various zero-day exploits emerged for Java(TM) making computers that run Java(TM) potentially vulnerable. Though Java(TM) was designed with a strong emphasis on security and the language itself is type-safe, defects in the Java OpenJDK library permit attackers to break the security of Java(TM).
This talk gives an overview of the activities at Oracle Labs that has been developing a program analysis tool for Java. The program analysis tool will be able to identify and report security defects in the JDK library. In a pilot project, we specify security defects of Java programs in a restricted variant of Horn-Logic called Datalog. The declarative approach of expressing static program analyses has various advantages.
Bernhard Scholz is Associate Professor in Computer Science at The University of Sydney. His research interest include Programming Languages and Compilers, Embedded Systems and Parallel Systems. Before joining The University of Sydney, he worked for the Technical University of Vienna and the University of Vienna in academic/research roles. He has also held a visiting professorship at the University of Victoria, BC, Canada, Yonsei University, South Korea, and at the Sun Microsystems Laboratories. Currently, he is visiting the Oracle Labs in Brisbane working on new techniques for Static Program Analysis. ( http://sydney.edu.au/engineering/it/~scholz/pmwiki/pmwiki.php)
Sie möchten auf diesen Vortrag durch Aushang hinweisen? Eine druckfertige Einladung im pdf-Format dafür finden Sie hier.