CSIS PhD Dissertation Defense by Chidera Biringa

Wednesday, May 07, 2025 at 11:30am to 1:00pm

Date: Friday, May 7th, 2025
Time: 11:30 AM
Location: DION 311

Conference Link (Incase online attendance): https://teams.microsoft.com/l/meetup-join/19%3ameeting_Njk4NDA0YmMtNmFjNS00M2E3LWJkNDAtMjQzMWI4NmFlNjcz%40thread.v2/0?context=%7b%22Tid%22%3a%22328d6c0d-0f2f-4b76-9310-9762ba1c3e2d%22%2c%22Oid%22%3a%228d59c3b9-66a0-49de-bcd2-c29f6e6d0a6b%22%7d

Meeting ID: 273 303 373 586
Passcode: Sp3Hm3Wk 
 
Advisor: Dr. Gokhan Kul
Committee Members: Dr. Lance Fiondella,  Dr. Md Shohel Rana, Dr. Ming Shao, Dr. Jiawei Yuan
 
Abstract:

Software developers often introduce vulnerabilities --- such as hardcoded credentials and exploitable functions --- creating attack surfaces that adversaries can exploit to compromise software security. These breaches drain organizational resources, both financial and human. This dissertation addresses such vulnerabilities through advanced detection and interception strategies, targeting weaknesses in software design, microarchitecture, performance, and insecure code. To achieve this, we propose: SEAL, SPECDET, DANCE, PACE, VulStyle, and SiTM, which collectively enhancing security across the development process while achieving state-of-the-art performance in their respective domains.
 
SEAL introduces a secure design pattern to counter lateral injection attacks by decomposing user and security features into independent, collaborative components. SPECDET leverages static analysis and machine learning to detect microarchitectural Spectre vulnerabilities. DANCE employs large language models to identify credentials embedded in code, mitigating backdoor risks. PACE offers a program analysis framework that delivers real-time performance feedback on code updates. VulStyle, a pre-trained, multi-modal programming language model, enhances vulnerability detection by integrating code stylometry features and non-terminal node selection. Finally, SiTM automates vulnerability interception during development, enforcing a secure state between developers and source code management systems to ensure only secure code progresses.
 
For further information please contact Dr. Gokhan Kul
 
All EAS students are encouraged to attend. 

Dion 311
Dr. Gokhan Kul
gkul@umassd.edu