Since May 2021, Kevin Borgolte is the professor for Software Security at the Faculty of Computer Science. In his inaugural lecture "Trustworthy and Secure Software on the Internet?!" he introduces himself and his research on detecting vulnerabilities and attacks, protecting users and applications (from each other), assessing the impact of software and network protocols on security, privacy, and trustworthiness, and analyzing their use in practice, as well as outlines future work.
When: 22nd of June 2022, 2-3 p.m, with a get-together afterwards (drinks and fingerfood will be provided)
Where: Open Space, Building MC, RUB Campus (Directions: Universitätsstraße 140)
Please register for the inaugural lecture here.
Abstract:
Software security means understanding how to build trustworthy and secure software-based systems, and assessing if existing software is actually trustworthy and secure. Today, this especially means networked client/server software, and, more often than not plain “Internet software.” Requiring an active Internet connection, like almost all apps on your smartphone, has become the new normal over the last years.
This Internet exposure, however, can also pose (severe) threats, through security and privacy issues arising from unintended protocol interactions between different software, as well as through more traditional software vulnerabilities that are now being exposed to the entire Internet. Albeit companies have started to focus on improving their security posture, incidents continue to plague us. Users have become less trusting, more privacy-conscious, and fearful of these issues, in addition to being anxious about the “Datenkraken,” but practically they also have little to no choice to say no and convenience remains top dog. This prompts the need for automated analysis techniques to identify and mitigate the threats we face.
In this talk, we first take a deeper look at some of my research on identifying vulnerabilities and attacks, protecting users and applications (from each other), assessing how software and network protocols affect security, privacy, and trustworthiness, and analyzing how they are used in practice. We conclude by discussing some of the research challenges in automatic identification of privacy threats and automatic vulnerability discovery, and we sketch out some future work.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.