CS SEMINAR:Attack Surface Management in Modern Software Systems | Mühendislik ve Doğa Bilimleri Fakültesi

Speaker: Dr.Mohannad Alhanahnah

Title: Attack Surface Management in Modern Software Systems

Date/Time: January 17, 2024 16:00

Zoom Link:https://sabanciuniv.zoom.us/my/balcisoy

Abstract:Modern computer systems, encompassing mobile, cyber-physical, and cloud applications, are evolving to become more interconnected and complex. These systems facilitate diverse domain interactions, which in turn increase their vulnerability and present new challenges in security. Consequently, there is a critical need to assess and manage the security and attack surfaces of modern computer systems. This task demands scalable and reliable approaches to cope with the volatility of these ecosystems, highlighting the need for principled security solutions.

In this talk, I will present how novel program analysis techniques, combined with security principles, can be leveraged to manage and reduce attack surfaces. I will discuss two strategies for this management, focusing on applying the minimization principle at both the code and data levels. First, I will present LMCAS, a software debloating approach that customizes applications based on runtime configurations and eliminates superfluous code. Then, I will introduce minTAP, a framework that generates specialized minimizers to enforce the release of only the necessary user data attributes in Trigger-Action Platforms (TAPs). These proposed minimization strategies effectively shrink the potential attack surface and uphold user privacy. I will conclude by discussing future research directions that I am eager to explore.

Bio:Mohannad Alhanahnah is a scientist in the Department of Computer Sciences at the University of Wisconsin-Madison and served as a postdoctoral researcher for three years in the same department. He is passionate about the intersection of software engineering and cybersecurity. His research employs program analysis techniques such as static and dynamic analysis, as well as formal verification, to assess the security, robustness, privacy, and safety of applications in emerging fields like the Internet of Things (IoT), Android, and machine learning.

Mohannad earned his Ph.D. in Computer Engineering from the University of Nebraska-Lincoln and holds an MSc in Computer Security from the University of Kent. Previously, he was a researcher at the iTrust Lab at the Singapore University of Technology and Design, where he played a pivotal role in developing the Internet of Things Automatic Security Testbed. He also contributed to the AU2EU project during his research at the Eindhoven University of Technology. Mohannad has received the ACM SIGSOFT Distinguished Paper Award and the (ISC)² Graduate Scholarship, and holds one issued patent.