MILCOM 2016 – Discovering Information Leakage Using Visual Program Models

Abstract: 

This tutorial is about new genera of information leakage vulnerabilities, far more difficult to detect than the vulnerabilities that have previously dominated the software security landscape. We will survey attacks that have exploited information leakage vulnerabilities to steal sensitive information. We will show how to discover information leakage vulnerabilities using techniques and tools for visual modeling of software from our research on two high-profile DARPA programs, the Automated Program Analysis for Cybersecurity (APAC) and Space/Time Analysis for Cybersecurity (STAC).

The tutorial goals are:

  1. Provide broad knowledge and the key concepts about information leakage threats.
  2. Teach the use of interactive tools for creating visual models to analyze Java bytecode.
  3. Provide hands-on experience in applying visual models with interactive visualization to audit an application for information leakage threats.

Venue: MILCOM 2016, Baltimore, Maryland, November 2, 2016

Authors: Suresh Kothari, Benjamin Holland

Materials: https://github.com/benjholla/MILCOM2016

Categories: Tutorials