Integrated Symbolic Execution for Space-Time Analysis of Code (ISSTAC)

Abstract

Cybersecurity hinges upon finding vulnerabilities in software systems before they are deployed in an environment open to malicious actors. As the implementation flaws in software systems are eliminated by increasingly sophisticated software analysis techniques, attacks relying on the inherent space-time complexity of algorithms used for building software systems are gaining prominence. When an adversary can inexpensively generate inputs that induce behaviors with expensive space-time resource utilization at the defenders end, in addition to mounting denial-of-service attacks, the adversary can also use the same inputs to facilitate side-channel attacks in order to infer some secret from the observed system behavior. In this project our objective was to develop automated and semi-automated analysis techniques and implement them in an industrial-strength tools that allow the efficient analysis of software (in the form of Java bytecode) with respect to these problems rapidly enough for inclusion in a state-of-the-art development process.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2020
Accession Number
AD1093434

Entities

People

  • Corina Pasareanu
  • Daniel Balasubramanian
  • Gabor Karsai
  • Tevfik Bultan

Organizations

  • Vanderbilt University

Tags

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Algorithms
  • Application Software
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Debugging
  • Denial Of Service Attack
  • Engineering
  • Graphical User Interface
  • Object Code
  • Software Development
  • Software Testing
  • User Interface
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Software Engineering.
  • Systems Analysis and Design

Technology Areas

  • AI & ML
  • Cyber
  • Cyber - Cryptography
  • Space