Abstract: Open-source software is everywhere and has become the backbone of today's cyber world. Within it, systems software such as operating-system kernels is arguably the most critical, and its security may affect billions of devices and users. Modern systems have become extremely complex, often containing millions of lines of code written in unsafe programming languages. As a result, they are unfortunately insecure, and a single security bug (vulnerability) may compromise the whole system and beyond. In this talk, I will discuss how to secure open-source systems in a principled and practical manner. I will first introduce three important properties of open-source systems: understandability, assurability, and sustainability. Correspondingly, I will then discuss how to achieve these properties with an overarching, three-pronged approach: program understanding, secure-by-design defense, and sustainable security protection. For each part of the approach, I will specifically share our recent accomplishments. Finally, I will conclude by discussing some challenging but exciting research opportunities for future work.
Bio: Dr. Kangjie Lu is an assistant professor in the Computer Science & Engineering Department of the University of Minnesota-Twin Cities. His research interests include security and privacy, program analysis, operating systems, and security ethics. He is particularly interested in developing both principled approaches that address fundamental security problems and practical techniques that secure real-world systems. His research also frequently intersects with other fields such as machine learning and NLP, programming languages, compilers, architecture, and formal methods. His research results are regularly published at top-tier venues and have led to many important security updates in widely used software systems such as the Linux kernel, the Android OS, the FreeBSD kernel, Apple's iOS, OpenSSL, PHP, etc. He is a recipient of the NSF CAREER award 2021 and won the best paper award at ACM CCS 2019 and a distinguished paper award at ACSAC 2022. He received his Ph.D. in Computer Science from the Georgia Institute of Technology.