KIT | KIT-Bibliothek | Impressum | Datenschutz

Implementations of Algorithms from the Thesis "Timing Sensitive Dependency Analysis and its Application to Software Security"

Hecker, Martin

Abstract:
In der Dissertation "Timing Sensitive Dependency Analysis and its Application to Software Security" präsentiere ich neue Verfahren zur statischen Analyse von Ausführungszeit-sensitiver Informationsflusskontrolle in Softwaresystemen. Ich wende diese Verfahren an zur Analyse nebenläufiger Java-Programme, sowie zur Analyse von Ausführungszeit-Seitenkanälen in Implementierungen kryptographischer Primitive.

In diesem VirtualBox Maschinen-Abbild stelle ich Implementierungen aller neuen Algorithmen dieser Dissertation bereit, zusammen mit randomisierten Test-Eigenschaften für alle formalen Observationen der Dissertation.

Abstract (englisch):
In my thesis "Timing Sensitive Dependency Analysis and its Application to Software Security", I present new methods for the static analysis of timing sensitive information flow control in software systems. I apply these methods in the analysis of concurrent Java programs, as well as the analysis of timing side-channels in implementations of cryptographic primitives.

In this VirtualBox machine image, I provide Implementations for all new Algorithms of my thesis, and randomized test properties for all formal Observations in the thesis.

Open Access Logo


Zugehörige Institution(en) am KIT Institut für Programmstrukturen und Datenorganisation (IPD)
Lehrstuhl IPD Snelting (Lehrstuhl IPD Snelting)
Publikationstyp Forschungsdaten
Publikationsdatum 24.08.2020
Erstellungsdatum 03.03.2020 - 12.08.2020
Identifikator DOI (KIT): 10.5445/IR/1000122605
KITopen-ID: 1000122605
Lizenz Creative Commons Namensnennung – Nicht kommerziell – Keine Bearbeitungen 4.0 International
Projektinformation KASTEL_IoE (BMBF, EU 6. RP, 16KIS0346)
Schlagwörter information flow control, timing side channel, static analysis, algorithms, non-interference, low-security observational determinism,
Liesmich

This is the artifact corresponding to the thesis
"Timing Sensitive Dependency Analysis and its Application to Software Security" by Martin Hecker

The Virtual Box virtual machine image
dissertation-vm
can be used by logging in via
user: hecker
password: hecker

In the users home directory, you will find in

  • randomized-tests.git/
    — in the language Haskell — both implementations of the submission's algorithms, and randomized tests that verify the submission's Observations.
  • randomized-tests.git/src/test/Program/Properties/DissObservations.hs
    contains the randomized tests corresponding to the dissertations Observations.

The results can be reproduces within the virtual machine image by help of the provided shell runners. From the users home directory, run

  • ./randomized-tests
    to once run all randomized tests except those marked 'slow', which are randomized tests that may run several minutes some randomized inputs.

  • ./randomized-tests-slow
    to once run all those randomized tests marked 'slow'.

  • ./randomized-tests-forever or ./randomized-tests-slow-forever
    to run the randomized tests forever, only terminating if there was found a counter-example to the submission's Observations.

Art der Forschungsdaten Dataset
Relationen in KITopen
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page