CS Department Seminar: Robert C. Seacord (CERT)
February 7, 2011
Title: Dangerous Optimizations and a Loss of Causality
Speaker: Robert C. Seacord (CERT)
Time: Monday, February, 2pm
Location: Babbio 220
Host: Sven Dietrich
Abstract:
Increasingly, compiler writers are taking advantage of undefined behaviors in the C and C++ programming languages to improve optimizations. Frequently, these optimizations are interfering with the ability of developers to perform cause-effect analysis on their source code, that is, analyzing the dependence of downstream results on prior results. Consequently, these optimizations are eliminating causality in software and are increasing the probability of software faults, defects, and vulnerabilities. This presentation describes some common optimizations, describes how these can lead to software vulnerabilities, and identifies applicable and practical mitigation strategies.
Speaker bio:
Robert C. Seacord manages the Secure Coding Initiative at CERT, located in Carnegie Mellon’s Software Engineering Institute (SEI) in Pittsburgh, PA. CERT, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute.
Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System.
Robert is a technical expert for the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.