***************************************************

March 30, 11 AM, Core A.  

Software Security Verification with Type Qualifiers
Rob Johnson
University of California at Berkeley

Software bugs cause almost all security vulnerabilities, and attackers
exploit these weaknesses to send Spam, launch DDOS attacks, and
defraud online banks and merchants.  By making improvements in
software security, we can prevent many of these attacks.  I will
present new static analysis techniques, based on type qualifier
inference, for automatically and efficiently finding bugs in large
software systems.  This approach has many advantages, including
scalability, precision, usability, and soundness, enabling it to
verify the absence of bugs, which is critical to security.  I have
implemented these methods in a static analysis tool, CQual, and used
it to find dozens of bugs in the Linux kernel.

-----------------------------------------------------------