CROSSING Research Seminar

Organizer: Jacqueline Brendel, CROSSING

Abstract

This talk introduces the most recent work on hidden dangers caused by the unsafe API in Go and glimpses at the use of Docker for research.

Memory-safe languages support developers in avoiding memory safety vulnerabilities. For example, Android – a widespread operating system for mobile phones – had a significant drop in memory safety vulnerabilities by using more memory-safe languages for new features. While memory-safe languages provide strong protection by design, they provide an escape hatch via unsafe libraries.

This talk will share shortly recent work on the unsafe API in the programming language Go. Concretely, Anna-Katharina will share a few results on unsafe usages in the wild that occur more frequently than initially expected. Afterward, she will share their recent work to classify unsafe usages to understand the motivation to use the unsafe API in the first place. Further, the talk will share the idea of Docker on a high level. The underlying motivation is that we realized during a collaboration that we approached reproducible research differently and can learn from each other.

Speaker Bio

Anna-Katharina Wickert is a Ph.D. student in the Software Technology Group of Mira Mezini at TU Darmstadt. She contributes to project E1 “Secure Integration of Cryptographic Software” and CogniCrypt. Before starting her Ph.D., she completed the Master`s degree in IT-Security at TU Darmstadt and visited the University of Oslo to collaborate on her research for a static analysis in Go. Her research interests include static analyses, API misuses, and providing as well as improving tooling that can help to identify and understand API misuses for security-critical APIs.