Dawn Song is a computer security specialist who applies rigorous theoretical methods to understand the deep interactions of software, hardware, and networks that make computer systems vulnerable to attack or interference. Computer security failures can lead to dissemination of spam email, systemic disruption of communications traffic on the internet, and unauthorized access to confidential information. Rather than identifying errors in programming logic that lead to specific security breaches, Song investigates the underlying patterns of computer system behavior that often apply across whole classes of security vulnerability. Using a sophisticated method for semantic analysis of binary code (i.e., the machine-readable translation of human-readable programmers’ instructions) from disruptive software, Song can identify the common path of logic flow that similarly disruptive software must also follow, thus offering a means to protect against an entire set of potential security threats. As a surprising consequence, she has shown that software patches intended to fix existing security flaws can be used as a template for algorithms that autonomously generate similar but distinct computer programs that also exploit the flaw, and sometimes even circumvent the repair. Identifying such weaknesses represents an important step in developing generalized defenses against computer attack, instead of the more common approach of iterative, ad hoc corrections of inevitable human errors in software design. Song also helped to develop an efficient algorithm that can protect the most sensitive information using cryptography, even if a computer system’s first-line defenses have been compromised. By synthesizing advanced approaches from theoretical computer science and empirical software engineering, Song is making significant strides in increasing the security and stability of computer systems and networks, which have become essential elements of our social and economic infrastructure.
Dawn Song received a B.S. (1996) from Tsinghua University, an M.S. (1999) from Carnegie Mellon University, and a Ph.D. (2002) from the University of California, Berkeley. She was an assistant professor at Carnegie Mellon University (2002–2007) prior to her appointment to the Department of Electrical Engineering and Computer Science at the University of California, Berkeley, where she is currently an associate professor.