OREGON STATE UNIVERSITY

Good Code, Bad Code, and Vulnerable Code

KEC 1007
2014-03-17 15:45:00
Speaker Information
Munawar Hafiz
Assistant Professor
Department of Computer Science and Software Engineering
Auburn University

Coding is like gardening; it requires a good plan, good supplies, but most importantly continuous nurture and maintenance.

In this talk, I will concentrate on refactorings and program transformations that help nurture good code by removing code smells and vulnerabilities. I will describe OpenRefactory/C, an infrastructure for building program transformations for C programs. C, in spite of its popularity, has IDEs with a limited portfolio of program transformations, with limited scalability and limited applicability to real-world programs. OpenRefactory/C aims to have full support for the C preprocessor, support for static analyses, and an API and environment that make it easy for new developers to contribute new refactorings. Refactorings that we have implemented on OpenRefactory/C are bug-free, unlike the refactorings featured in commercial IDEs such as Eclipse CDT, Visual Studio, etc.

I will also describe three complex, security-oriented program transformations that fix issues in C integers. These transformations fixed all variants of integer vulnerabilities featured in benchmark programs of NIST's SAMATE reference dataset and 5 open source software, making the changes automatically on over 15 million lines of code. Being integrated with source code and development process, refactorings and program transformations not only help maintain good code, but also teach developers about how to write and appreciate good code.

Speaker Bio

Munawar Hafiz is an assistant professor at the Department of Computer Science and Software Engineering, Auburn University. His research focuses on applying program analysis and program transformation technologies and exploring empirical data to promote tools and methodologies that effectively improve programming experience. Dr. Hafiz leads the Software Analysis, Transformation, and Security (SATS) research group. His work is supported by a grant from NSF and a Google Faculty Research Award. Dr. Hafiz received his Ph.D. and MS in computer science from University of Illinois at Urbana-Champaign (UIUC) and his B.Sc. Engg. degree in computer science and engineering from Bangladesh University of Engineering and Technology (BUET). For more information: http://www.munawarhafiz.com