Speaker
Yufei Wu
Description
Dynamic taint analysis (DTA) is widely used to detect information flow
vulnerabilities by tracking the propagation of taint tags at runtime.
However, existing DTA approaches rely on the assumption that the underlying
type system is secure. In reality is it often not the case. In this
presentation we will look at how attackers can manipulate object types and
directly alter taint labels, effectively bypassing taint tracking
mechanisms.
Optional: Speaker / convener biography
Yufei Wu, PhD student at Umeå, researches software security, focusing on
program analysis, software vulnerabilities, and taint tracking.
