Integrated Symbolic Execution for Space-Time Analysis of Code (ISSTAC)
Technical Report,01 Apr 2015,30 Sep 2019
Vanderbilt University Nashville United States
Pagination or Media Count:
Cybersecurity hinges upon finding vulnerabilities in software systems before they are deployed in an environment open to malicious actors. As the implementation flaws in software systems are eliminated by increasingly sophisticated software analysis techniques, attacks relying on the inherent space-time complexity of algorithms used for building software systems are gaining prominence. When an adversary can inexpensively generate inputs that induce behaviors with expensive space-time resource utilization at the defenders end, in addition to mounting denial-of-service attacks, the adversary can also use the same inputs to facilitate side-channel attacks in order to infer some secret from the observed system behavior. In this project our objective was to develop automated and semi-automated analysis techniques and implement them in an industrial-strength tools that allow the efficient analysis of software in the form of Java bytecode with respect to these problems rapidly enough for inclusion in a state-of-the-art development process.
- Computer Systems Management and Standards