Researchers from the Georgia Institute of Technology College of Computing developed a new cyber security analysis method that discovered 11 previously unknown Internet browser security flaws. Their findings were honored with the Internet Defense Prize, an award presented by Facebook in partnership with USENIX this week at the 24th USENIX Security Symposium.
“It is time for the Internet community to start addressing the more difficult, deeper security problems,” says Wenke Lee, professor in the School of Computer Science and an adviser to the team. “The security research community has been working on various ways to detect and fix memory safety bugs for decades, and have made progress on ‘stack overflow’ and ‘heap overflow’ bugs, but these have now become relatively easy problems. Our work studied the much harder and deeper bugs — in particular ‘use-after-free’ and ‘bad casting’ — and our tools discovered serious security bugs in widely used software, such as Firefox and libstdc++. We are grateful to Facebook for this recognition.”
view the full story here