Measurable and Deployable Security: Gaps, Successes, and Opportunities
Danfeng (Daphne) Yao
Security measurement helps identify deployment gaps and presents extremely valuable research opportunities. However, such research is often deemed not novel by academia. I will first share my research journey designing and producing CryptoGuard, a high-precision tool for scanning cryptographic vulnerabilities in large Java projects. That work led us to publish two benchmarks used for systematically assessing state-of-the-art academic and commercial solutions, and to help Oracle Labs integrate our detection into their routine scanning. Other specific measurement and deployment cases to discuss include the Payment Card Industry Data Security Standard, which was involved in high-profile data breach incidents, and fine-grained Address Space Layout Randomization (ASLR). The talk will also point out the need for measurement in AI development in the context of code repair. Broadening research styles by accepting and encouraging deployment-related work will help our field progress towards maturity.
Publication Details
Date of publication: April 25, 2021
Conference: CODASPY: Data and Application Security and Privacy
Publication Note: Danfeng (Daphne) Yao: Measurable and Deployable Security: Gaps, Successes, and Opportunities. CODASPY 2021: 3