[Pl-seminar] 3rd October : Cristina Cifuentes - Oracle Parfait: The Flavour of Real-World Vulnerability Detection

Aviral Goel goel.av at husky.neu.edu
Mon Sep 24 14:35:46 EDT 2018


NUPRL Presents

Cristina Cifuentes
Oracle Labs (https://labs.oracle.com/pls/apex/f?p=labs:bio:0:21)

1:15 PM
Wednesday, October 3rd, 2018
Room 010 WVF (https://goo.gl/maps/9aNvUmG9Lcu)


*Oracle Parfait: The Flavour of Real-World Vulnerability Detection*
*Cristina Cifuentes, Oracle Labs*

*Abstract*

The Parfait static code analysis tool focuses on detecting vulnerabilities
that matter in C, C++, Java and PL/SQL languages.  Its focus has been on
key items expected out of a commercial tool that lives in a commercial
organization, namely, precision of results (i.e., high true positive rate),
scalability (i.e., being able to run quickly over millions of lines of
code), incremental analysis (i.e., being able to run over deltas of the
code quickly), and usability (i.e., ease of integration into standard build
processes, reporting of traces to the vulnerable location, etc.).  Today,
Parfait is used by thousands of developers at Oracle worldwide on a
day-to-day basis.

In this presentation we’ll sample a flavour of Parfait — we explore some
real world challenges faced in the creation of a robust vulnerability
detection tool, look into two examples of vulnerabilities that severely
affected the Java platform in 2012/2013 and most machines in 2017/2018, and
conclude by recounting what matters to developers for integration into
today’s continuous integration and continuous delivery (CI/CD) pipelines.

*Bio*

Cristina is the Director of Oracle Labs Australia and an Architect at
Oracle. Headquartered in Brisbane, the Lab focuses on Program Analysis as
it applies to finding vulnerabilities in software and enhancing the
productivity of developers worldwide.

Prior to founding Oracle Labs Australia, Cristina was the Principal
Investigator of the Parfait bug tracking project at Sun Microsystems, then
Oracle. Today, Oracle Parfait has become the de facto tool used by thousands
of Oracle developers for bug and vulnerability detection in real-world,
commercially sized C/C++/Java applications. Parfait's success is founded on
the pioneering work in advancing static program analysis techniques by
Cristina’s team of Researchers and Engineers at Oracle Labs Australia.

Cristina’s passion for tackling the big issues in the field of Program
Analysis began with her doctoral work in binary decompilation at
Queensland University of Technology. In an interview with Richard Morris
for Geek of the Week, Cristina talks about Parfait, Walkabout and her
career journey in this field.

Before she joined Oracle and Sun Microsystems, Cristina held teaching posts
at major Australian universities, co-edited Going Digital, a landmark book
on cybersecurity, and served on the executive committees of ACM SIGPLAN and
IEEE Reverse Engineering.

Cristina continues to play an active role in the international programming
language, compiler construction and software security communities. On the
weekends, she channels her interests into mentoring young programmers
through the CoderDojo network.