Plenary Keynote - Elisa Bertino

The Persistent Problem of Software Insecurity

Thursday July 14, 16:10 - 17:30 CET (Barcelona)
Session Chair: Munindar Singh, North Carolina State University

Abstract

Software plays an increasingly key role in every infrastructure and application domain we can think of. Unfortunately, as we all know, software systems are still often insecure, despite the fact that the “problem of software security” has been known to the industry and research communities for decades. In this talk, as an example of insecure software, we present the results of an extensive study to detect vulnerable implementations of pseudo-random number generators (PRNGs) in mobile apps. The study was carried out using an analysis tool, OTP-Lint, which assesses PRNG implementations in an automated manner without requiring the source code. By analyzing 6,431 commercial apps downloaded from two well-known app markets, OTP-Lint identified 399 vulnerable apps that generate predictable one-time password (OTP) values. We then discuss other factors that today complicate the problem of software security - a notable factor being the software supply chain. Finally, we discuss "what it takes" to convince all parties involved in the software ecosystem to address the problem of software insecurity, and we outline research directions.

Brief Biography

Elisa Bertino is Samuel Conte Professor of Computer Science at Purdue University. She serves as Director of the Purdue Cyberspace Security Lab (Cyber2Slab). Prior to joining Purdue, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory in San Jose (now Almaden), at Rutgers University, and at Telcordia Technologies. She has also held visiting professor positions at the Singapore National University and the Singapore Management University. Her main research interests include security, privacy, database systems, distributed systems, and sensor networks. Her recent research focuses on cybersecurity and privacy of cellular networks and IoT systems, and on edge analytics for cybersecurity. Elisa Bertino is a Fellow of IEEE, ACM, and AAAS. She received the 2002 IEEE Computer Society Technical Achievement Award for “outstanding contributions to database systems and database security and advanced data management systems”, the 2005 IEEE Computer Society Tsutomu Kanai Award for “pioneering and innovative research contributions to secure distributed systems”, the 2019-2020 ACM Athena Lecturer Award, and the 2021 IEEE Innovation in Societal Infrastructure Award.