Accession Number:

AD1061405

Title:

Sound Over-and Under-Approximations of Complexity and Information Security (SOUCIS)

Descriptive Note:

Technical Report,01 Apr 2015,30 Apr 2018

Corporate Author:

The University of Maryland College Park United States

Report Date:

2018-09-01

Pagination or Media Count:

75.0

Abstract:

The technical keystones of this initiative were the use of sound over-approximating static analysis in conjunction with precise under-approximating analysis. For the former, new static analysis techniques for inferring program invariants in conjunction with a new technique for revealing side channels and complexity attacks in Java programs were developed. For the latter, new randomized, fuzz testing and machine learning techniques for vulnerability identification were developed. The state of the art in both areas was systematically surveyed and results were found that challenged previously published conclusions. A collaborative workbench application was developed to organize an analysts task in using the tools.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE