Finding vulnerabily is an eternal problem in software development. The recent advance in vulnerabilty detection using static analysis and dynamic analysis has shown promising results. However, the high false positive rate for static analysis and slow execution for dynamic analysis have still limited the wide adoptation in the daily development. In this talk, we will present some recent work on effective combination of static analysis and dynamic analysis to find vulnerabililties. To demonstrate the effectiveness, we have applied our techniques to detect of known and unknown vulnerabilities in various open source software. This leads to a complete vulnerabilty database for open source software. To further help developers to manage the security of open source software, we have developed a platform to perform software composition analysis and manage known and unknown vulnerabilities for a better software supply chain security.
Nanyang Technological University
Dr. Yang Liu obtained his bachelor and ph.d degree in the National University of Singapore in 2005 and 2010, respectively. In 2012, he joined Nanyang Technological University as a Nanyang Assistant Professor. He is currently a full professor, director of the cybersecurity lab, Program Director of HP-NTU Corporate Lab and Deputy Director of the National Satellite of Excellence of Singapore. In 2019, he received the University Leadership Forum Chair professorship at NTU.
Dr. Liu specializes in software verification, security and software engineering. His research has bridged the gap between the theory and practical usage of formal methods and program analysis to evaluate the design and implementation of software for high assurance and security. By now, he has more than 280 publications in top tier conferences and journals. He has received a number of prestigious awards including MSRA Fellowship, TRF Fellowship, Nanyang Assistant Professor, Tan Chin Tuan Fellowship, Nanyang Research Award 2019 and 10 best paper awards and one most influence system award in top software engineering conferences like ASE, FSE and ICSE.