Sound Over-and Under-Approximations of Complexity and Information Security (SOUCIS)

Abstract

The technical keystones of this initiative were the use of sound over-approximating static analysis in conjunction with precise under-approximating analysis. For the former, new static analysis techniques for inferring program invariants in conjunction with a new technique for revealing side channels and complexity attacks in Java programs were developed. For the latter, new randomized, fuzz testing and machine learning techniques for vulnerability identification were developed. The state of the art in both areas was systematically surveyed and results were found that challenged previously published conclusions. A collaborative workbench application was developed to organize an analyst's task in using the tools.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2018
Accession Number
AD1061405

Entities

People

  • David Van Horn
  • Dawn Song
  • Eric Koskinen
  • Jeff Foster
  • Michael Hicks
  • Timos Antopoulos

Organizations

  • University of Maryland

Tags

Communities of Interest

  • Autonomy
  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Artificial Intelligence
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Debugging
  • Detection
  • Engineering
  • Information Processing
  • Information Science
  • Information Security
  • Information Systems
  • Instruction Set Architecture
  • Machine Learning
  • Neural Networks
  • New York
  • Operating Systems
  • Programming Languages
  • Software Development

Fields of Study

  • Computer science

Readers

  • Neural Network Machine Learning.
  • Software Engineering.
  • Systems Analysis and Design

Technology Areas

  • AI & ML
  • AI & ML - Machine Learning Algorithms