Tue 14 Jun 2022 15:30 - 16:30 at Boardroom - Keynote 3 + Papers Chair(s): Roberto Giacobazzi, Laura Titolo

Over 50% of the security vulnerabilities we found across Meta’s family of apps (Facebook, Instagram, WhatsApp, Messenger, Oculus…) are detected automatically using Abstract Interpretation-based tools. In the talk, I will present the challenges we faced (accuracy, scale, usability, customization, inter-language analysis) and how we achieved that result. We worked in conjunction with the Meta Product Security team to focus on the bugs that matter and to constantly refine the analysis results. We designed new abstract domains and implemented a modular, compositional, non-uniform, parallel, and distributed analysis so as to analyze hundreds of millions of lines of code in less than one hour and flag security vulnerabilities at code review time, preventing security bugs from landing in production code. We built a system that lets us achieve inter-language analysis and a generic filtering system based on breadcrumbs that enables security engineers to customize the signal-to-noise ratio. For instance, a security engineer was able to increase the signal-to-noise ratio of results from 20% to 70% for SQL injection by simply adding a filter on integer breadcrumbs. I will conclude the talk by debunking some myths on modular/parallel/distributed analyses, e.g., that modular implies scalable, and by sharing some directions on theoretical abstract interpretation that will have a huge impact in practice.

I love static program analysis. I’ve been designing and implementing widely used static analysis tools. I have published papers in the most important research conferences and given talks at major research and industrial conferences, e.g., Build.

Tue 14 Jun

Displayed time zone: Pacific Time (US & Canada)

15:30 - 17:20
Keynote 3 + Papers (SOAP) at Boardroom
Chair(s): Roberto Giacobazzi (University of Verona), Laura Titolo (NIA/NASA LaRC)

Laura Titolo is chairing the Keynote Talk by Francesco Logozzo. Roberto Giacobazzi is chairing the paper session from 16:30 to 17:20.

15:30, 60m, Keynote: Using static analysis to scale security at Meta (SOAP). K: Francesco Logozzo (Facebook)
16:30, 25m, Talk: ADA: A Tool for Visualizing The Architectural Overview of Open-Source Repositories (SOAP). P: Md Rakib Hossain Misu (University of California, Irvine), Aleksandar Saša Janjanin (University College London), Zhiqiang Bian (University College London), Valentin-Sebastian Burlacu (University College London), Naum Anteski (University College London)
16:55, 25m, Talk: Modeling Code Manipulation in JIT Compilers (SOAP). P: HeuiChan Lim (University of Arizona), Xiyu Kang (University of Arizona), Saumya Debray (University of Arizona)
