今回は、SEIの研究者でありセキュアコーディングを推進している
David Keaton 氏に、米国CERTにおけるセキュリティ研究活動に
ついてご講演いただきます。
具体的には、Security Enhanced C Compilerや言語の脆弱性に関する
標準化の取組み等の詳細を解説していただきます。
◆◆第69回GRACEセミナー ◆◆
【日時】2013年9月25日(水)13:30-15:00
【会場】国立情報学研究所(NII) 22階 2208会議室
〒101-8430 東京都千代田区一ツ橋2-1-2
[http://www.nii.ac.jp/about/access/]
【参加費】無料
参加ご希望の方は,下記よりご登録をお願いいたします:
http://form1.fc2.com/form/?id=621883
【お問い合わせ先】
石川冬樹(seminar-steering_AT_grace-center.jp)
_AT_を@に書き換えてください。
—————————————-
Title: Secure Coding Research at CERT
Speaker: David Keaton, CERT Secure Coding Team, SEI/CMU
Abstract:
CERT, originally called the Computer Emergency Response Team, is known
for its management of computer security crises. However, it also
conducts long-term projects designed to reduce the number of future
incidents. David Keaton will discuss some of the organization’s
research and standardization projects, such as Thread Role Analysis, a
Pointer Ownership Model, and an international technical specification
for secure coding. David will then discuss buffer overflows, an area
that still causes significant problems, and provide details of his
work in compiler-enforced buffer overflow elimination.
Biography:
David Keaton is the chairman of the “ANSI C committee,” the
U.S. portion of the international committee that standardizes the C
programming language. He has been a voting member of the committee
since 1990. He has written compilers for everything from embedded
systems to supercomputers. He has two patents related to
compiler-assisted security mechanisms. He is now with CERT working on
integrating compilers with security.
協力:トップエスイー プロジェクト
