This talk will focus on the increasing use of Intermediate Representations (IRs), which are used for efficient compiler transformations and analyses. IRs have morphed into inputs to a wide variety of tools for security and formal analysis methods. Further, IR, and its on-disk counterpart bitcode, is increasingly being used as a means for JIT'ing and dynamic, portable code, or even codelets.
We will begin with a discussion introducing LLVM IR (one of the most common forms of IR) and comparing it to a famous predecessor, Java bytecode. We then move quickly into where LLVM IR is being used from a compiler technology perspective. Next, we share how IR is utilized by formal methods and other tools to verify the stability and security of code. Lastly, we discuss how these pieces currently fit into the SDLC.
Andrew Reiter is a researcher at Veracode Inc, where he focuses on both static and dynamic analysis of applications. He holds a B.Sc. and M.Sc. in Mathematics from UMASS-Amherst and has previously presented at Blackhat, CanSecWest, Toorcon, and others.
Jared Carlson is a researcher at Veracode focusing on mobile security, particularly of native applications. Prior to joining Veracode, he did several research projects for DARPA on security. He holds a B.S. from UMass-Amherst and an M.S. from Yale and has spoken at RECon, SOURCE, and the LLVM Development Conference.