In this talk, I introduced a scalable and practical security analysis and automatic exploit generation approach, which is called TaintSpot. It works based on an optimized hybrid taint analysis technique that combines static and dynamic vulnerability analysis. TaintSpot generates concrete exploits based on concolic testing for programs written for the Java Virtual Machine (JVM) ecosystem.TaintSpot is specially designed for operating on large-scale proprietary executable binaries with multiple external dependencies.

In this talk, I introduced my under development programming language Asterisk. This languages aims to empower the Ethereum community to deploy robust code for business-critical and high-value use cases. Asterisk’s compilation architecture leverages Scala, and therefore, the generated smart contracts by Asterisk are cross-platform in the sense that a compiled contract runs on all platforms for which there exists a Java Virtual Machine (JVM). The compiler structure also supports formal verification to guarantee the reliability and safety of the bytecode produced by Asterisk at runtime.

Stuxnet is a computer worm, which emerged during the summer of 2010 to infiltrate numerous computer systems. The worm is a military-class cyberweapon that was used to launch a destructive attack against Iran nuclear centrifuges. Stuxnet operates in three main steps by analyzing the targeted networks and computer systems to gain access to the automated program logic controllers. Having infiltrated these machines, Stuxnet began to replicate itself continually. Although there have been a large number of public articles and talks regarding Stuxnet, during our analysis we have noticed some critical details about the virus’s code and its functionalities that have not been exposed before...