CSE Colloquium Series: Michael Zhivich | Department of Computer Science and Engineering | Michigan State University

Improving Software Security and Robustness Using Automated Testing 

Spring 2009 CSE Colloquium Series

Michael Zhivich

Technical Staff Member
MIT Lincoln Laboratory

Friday, February 20
11:00 AM - 12:00 PM
3105 Engineering Building

Host: Alex Liu

Abstract

The complexity of software required to operate modern real-time embedded systems (used in satellites and critical infrastructure control) makes it prone to programming errors. Software developers perform rigorous functionality tests to reduce errors; nevertheless, serious problems such as memory corruption and resource leaks may remain in software operating critical systems. These errors in turn create vulnerabilities that, if exploited, can affect the availability, reliability, and integrity of operations and thus degrade the system's overall robustness.

This talk will discuss automated testing and analysis tools that can help developers discover and redress these kinds of vulnerabilities before software is put into operation. The focus of the talk will be on MIT Lincoln Laboratory's DEADBOLT tool, which automatically discovers memory corruption problems, resulting not only in more robust and secure software, but also in lowered development and maintenance costs for both software developers and users.

Biography

Mr. Michael Zhivich is a member of the technical staff in the Information Systems Technology Group at MIT Lincoln Laboratory, where he conducts research and development in the area of program analysis and testing aimed at discovering security vulnerabilities. His recent work includes a study evaluating the effectiveness and performance of existing dynamic buffer overflow detection tools and the design and implementation of an adaptive testing system for automated buffer overflow detection.

In his current work, Mr. Zhivich is developing automated software testing tools aimed at enabling software developers to create more secure and robust applications. The current effort focuses on critical infrastructure protection (in particular, SCADA and process control systems) and the challenges posed by creating software for real-time embedded environments with limited resources. In addition to software testing and program analysis, Mr. Zhivich's interests include cryptography, usability and economic implications of security.

Mr. Zhivich holds S.B. and M.Eng. degrees in Computer Science and Electrical Engineering from the Massachusetts Institute of Technology.