Program analysis is the process of automatically analyzing program code and/or behavior to learn a property such as correctness, robustness, safety and liveness. As software has been dramatically becoming more and more complicated and ubiquitous, program analysis has been increasingly used to solve critical computer science, software engineering, and cybersecurity problems. Tremendous effort has been invested by both the industry and academia to use and develop program analysis techniques for identifying and addressing software bugs, particularly software vulnerabilities, which are frequently exploited by real-world attacks, such as the series of Russian attacks on U.S federal agencies in 2020, the data leakage of over 500 million Facebook users' private information in 2021, and the pervasive ransomware attacks nowadays. Due to the severity of software vulnerabilities, many software vendors such as Google, Microsoft, Adobe, have incorporated the use of program analysis tools as part of their software development life cycle.
The purpose of the course is to introduce concepts and techniques that allow us to apply program analysis to solve problems. After taking the course, you will be able to
• formulate a problem in a way so that it is solvable using program analysis
• implement and use popular program analysis techniques, such as control flow analysis and data flow analysis, to solve problems
• analyze and mitigate software vulnerabilities rapidly
• use and extend state-of-art automatic vulnerability mitigation tools to mitigate real-world vulnerabilities
The course is intended as an advanced course. There will be homework assignments, reading assignments, a project and a final take-home exam. The lectures will be open to students’ suggestions and input.
If you are interested in automatically analyzing program code, synthesizing program code, identifying software bugs (particularly vulnerabilities), and addressing software vulnerabilities, this is the course for you!