This tutorial is about new genera of information leakage vulnerabilities, far more difficult to detect than the vulnerabilities that have previously dominated the software security landscape. We will survey attacks that have exploited information leakage vulnerabilities to steal sensitive information. We will show how to discover information leakage vulnerabilities using techniques and tools for visual modeling of software from our research on two high-profile DARPA programs, the Automated Program Analysis for Cybersecurity (APAC) and Space/Time Analysis for Cybersecurity (STAC).
The tutorial goals are:
- Provide broad knowledge of information leakage threats and the key concepts involved.
- Teach how to use interactive tools to create visual models for analyzing Java bytecode.
- Provide hands-on experience in applying visual models with interactive visualization to audit an application for information leakage threats.
Authors: Suresh Kothari, Benjamin Holland