abstract

The future of software security is instrumentation (keynote)

Author:
Jeff Williams

Contrast Security, USA

Contrast Security, USA
View Profile

SEAD 2020: Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to DeploymentNovember 2020Pages 1https://doi.org/10.1145/3416507.3428117

Published:08 November 2020Publication History

SEAD 2020: Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment

Pages 1

ABSTRACT

Software is incredibly hard to secure because it’s a black box. We’ve spent decades trying to verify properties of software by analyz- ing the source code, scanning, fuzzing, pentesting, etc. only to be continually outpaced by software complexity. Instrumentation is a powerful approach for measuring security directly from within run- ning code. In this this talk, you’ll learn how to use the free and open source Java Observability Toolkit (JOT) project to easily create your own powerful runtime instrumentation without coding. You can use JOT to analyze security defenses, identify complex vulnerabili- ties, create custom sandboxes, and enforce policy at runtime. You can even create your own IAST tests and your own RASP defenses using JOT. Ultimately, we’ll show that security instrumentation empowers development and security to work together in harmony.

Index Terms

The future of software security is instrumentation (keynote)
1. Security and privacy
  1. Software and application security
    1. Software security engineering
    2. Web application security

Recommendations

BISM: Bytecode-Level Instrumentation for Software Monitoring
Runtime Verification
Abstract
BISM (Bytecode-level Instrumentation for Software Monitoring) is a lightweight Java bytecode instrumentation tool which features an expressive high-level control-flow-aware instrumentation language. The language follows the aspect-oriented ...
Read More
Efficient and expressive bytecode-level instrumentation for Java programs
Abstract
We present an efficient and expressive tool for the instrumentation of Java programs at the bytecode level. BISM (Bytecode-Level Instrumentation for Software Monitoring) is a lightweight Java bytecode instrumentation tool that features an ...
Read More
Odin: on-demand instrumentation with on-the-fly recompilation
PLDI 2022: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation

Instrumentation is vital to fuzzing. It provides fuzzing directions and helps detect covert bugs, yet its overhead greatly reduces the fuzzing throughput. To reduce the overhead, compilers compromise instrumentation correctness for better optimization, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SEAD 2020: Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment
November 2020
25 pages
ISBN:9781450381260
DOI:10.1145/3416507
General Chairs:
Matthias Galster,
Mehdi Mirakhorli,
Laurie Williams
Copyright © 2020 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 November 2020
Check for updates
Author Tags
IAST
Observability
RASP
appsec
instrumentation
jot
Qualifiers
- abstract
Conference

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 162
  Total Downloads
- Downloads (Last 12 months)25
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

The future of software security is instrumentation (keynote)

SEAD 2020: Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment

ABSTRACT

Cited By

Index Terms

Recommendations

BISM: Bytecode-Level Instrumentation for Software Monitoring

Efficient and expressive bytecode-level instrumentation for Java programs

Odin: on-demand instrumentation with on-the-fly recompilation

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

The future of software security is instrumentation (keynote)

SEAD 2020: Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment

ABSTRACT

Cited By

Index Terms

Recommendations

BISM: Bytecode-Level Instrumentation for Software Monitoring

Efficient and expressive bytecode-level instrumentation for Java programs

Odin: on-demand instrumentation with on-the-fly recompilation

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media