CyLab Seminar: Tiffany Bao

October 21, 2024

12:00 p.m. ET

Zoom or CIC room 4105, Panther Hollow

Tiffany Bao

*Please note: this CyLab seminar is open only to partners and Carnegie Mellon University faculty, students, and staff.

Speaker:
Tiffany Bao
Assistant Professor
Arizona State University

Talk Title:
ABC of Harnessing Hacker Insights for Vulnerability Discovery: Automation, Broadening, and Correction

Abstract:
As defenses in software and operating systems become increasingly sophisticated, the task of identifying vulnerabilities in modern applications and systems has evolved into a pursuit reserved for an elite group of highly skilled hackers. These experts bring extensive experience, specialized expertise, and sharp intelligence to their work. However, the scalability of human efforts is inherently limited, error-prone, and often restricted to specific areas of expertise. In this talk, I will share insights from my experiences in harnessing the unique perspectives of these hackers. I will explore scientific approaches to automate the discovery process, enhance accuracy, and expand the range of expertise, ultimately increasing our ability to detect vulnerabilities in real-world applications.

Bio:
Tiffany Bao is an Assistant Professor at Arizona State University, where she focuses on various aspects of software security. Her research explores innovative techniques, measurements, and strategies for discovering, assessing, and defending against software vulnerabilities. Currently, she is a member of Shellphish Support Syndicate, a finalist for the AIxCC competition. As a member of the Order Of Overflow, she organized the DEFCOM CTF from 2018 to 2021. Tiffany earned her Ph.D. from Carnegie Mellon University. She is an CyLab alumna as well as a formal soda person.