Sound Over-and Under-Approximations of Complexity and Information Security (SOUCIS)
Technical Report,01 Apr 2015,30 Apr 2018
The University of Maryland College Park United States
Pagination or Media Count:
The technical keystones of this initiative were the use of sound over-approximating static analysis in conjunction with precise under-approximating analysis. For the former, new static analysis techniques for inferring program invariants in conjunction with a new technique for revealing side channels and complexity attacks in Java programs were developed. For the latter, new randomized, fuzz testing and machine learning techniques for vulnerability identification were developed. The state of the art in both areas was systematically surveyed and results were found that challenged previously published conclusions. A collaborative workbench application was developed to organize an analysts task in using the tools.
- Computer Programming and Software
- Computer Systems Management and Standards