Automata learning for security testing

Thursday, February 8, 2018 -
12:15pm to 1:15pm
CS 2310

Speaker Name: 

George Argyros

Speaker Institution: 





Automata learning algorithms such as the L* algorithm are a family of active
learning algorithms. They are used to automatically build a model of a system, in
the form of automata or transducers, by querying the target system and then
refining the model using counterexamples. In this talk, I will discuss new
systems, based on novel and classical automata learning algorithms, for testing
a variety of security and correctness properties in a black-box manner, i.e.
given only the ability to query the target program and without access to the
source code or binary. Specifically, I will present the following systems: (1)
Lightbulb, a framework based on symbolic automata learning algorithms, for
evaluating the robustness of Web Application Firewalls against code injection
attacks and (2) HVLearn, a system for testing the hostname verification
functionality in SSL/TLS implementations for violations of the corresponding
specification. Lightbulb and HVLearn were used to discover a number of
real-life vulnerabilities and correctness violations in popular products and
libraries. Finally, I will discuss an extension of the Lightbulb framework,
enabled by a novel transducer learning algorithm, which is used in order to evaluate the
security of string sanitizers in web applications. This framework is able to
detect non-trivial vulnerabilities which are missed by other black-box testing