Attack Surface Management in Modern Software Systems
Abstract
Modern computer systems, encompassing mobile, cyber-physical, and cloud applications, are evolving to become more interconnected and complex. These systems facilitate diverse domain interactions, which in turn increase their vulnerability and present new challenges in security. Consequently, there is a critical need to assess and manage the security and attack surfaces of modern computer systems. This task demands scalable and reliable approaches to cope with the volatility of these ecosystems, highlighting the need for principled security solutions. In this talk, I will present how novel program analysis techniques, combined with security principles, can be leveraged to manage and reduce attack surfaces. I will present LMCAS, a software debloating approach that customizes applications based on runtime configurations and eliminates superfluous code, which preserving the required functionality. I will conclude by discussing future research directions that I am eager to explore.
Mohannad Alhanahnah is a scientist in the Department of Computer Sciences at the University of Wisconsin-Madison and worked as a postdoctoral researcher for three years in the same department. He is passionate about the intersection of software engineering and cybersecurity. His research employs program analysis techniques such as static and dynamic analysis, as well as formal verification, to assess and improve the security, robustness, privacy, and safety of applications in emerging fields like the Internet of Things (IoT), Android, and machine learning. Mohannad earned his Ph.D. in Computer Engineering from the University of Nebraska-Lincoln and holds an MSc in Computer Security from the University of Kent. Previously, he was a researcher at the iTrust Lab at the Singapore University of Technology and Design, where he played a role in developing the Internet of Things Automatic Security Testbed. He also contributed to the AU2EU project during his research associate position at the Eindhoven University of Technology. Mohannad has received the ACM SIGSOFT Distinguished Paper Award and the (ISC)² Graduate Scholarship.