Blog Archives

ICISS 2017 – Human-on-the-loop Automation for Detecting Software Side-Channel Vulnerabilities

Abstract: Software side-channel vulnerabilities (SSCVs) allow an attacker to gather secrets by observing the differential in the time or space required for executing the program for different inputs. Detecting SSCVs is like searching for a needle in the haystack, not knowing what the needle looks like. Detecting SSCVs requires automation that supports systematic exploration to […]

Categories: Papers

ICISS 2015 – FlowMiner: Automatic Summarization of Library Data-Flow for Malware Analysis

Abstract: FlowMiner is a tool for automatically mining expressive, fine-grained data-flow summaries from Java library bytecode. FlowMiner captures enough information to enable context, type, field, object and flow-sensitive partial program analysis of applications using the library. FlowMiner’s summaries are compact- flow details of a library that are non-critical for future partial program analysis of applications are elided into simple […]

Categories: Papers

ICISS 2015 – Program Analysis and Reasoning for Hard to Detect Software Vulnerabilities

Abstract: Software is everywhere and so are software vulnerabilities, affecting individuals, companies and nations. Deliberately planted software vulnerabilities (“malware”) have ravaged nuclear reactors and unintended software vulnerabilities (“bugs”) have recently caused all American Airlines planes to be grounded for hours. Software vulnerabilities elude regression testing because their occurrence often depends on intricate sequences of low-probability […]

Categories: Tutorials