Write a Blog >>
ISSTA 2020
Sat 18 - Wed 22 July 2020
Tue 21 Jul 2020 13:30 - 13:50 at Zoom - SECURITY Chair(s): Lucas Bang

Information leakage in software systems is a problem of growing importance. Networked applications can leak sensitive information even when they use encryption. For example, some characteristics of network packets, such as their size, timing and direction, are visible even for encrypted traffic. Patterns in these characteristics can be leveraged as side channels to extract information about secret values accessed by the application. In this paper, we present a new tool called AutoFeed for detecting and quantifying information leakage due to side channels in networked software applications. AutoFeed profiles the target system and automatically explores the input space, explores the space of output features that may leak information, quantifies the information leakage, and identifies the top-leaking features. Given a set of input mutators and a small number of initial inputs provided by the user, AutoFeed iteratively mutates inputs and periodically updates its leakage estimations to identify the features that leak the greatest amount of information about the secret of interest. AutoFeed uses a feedback loop for incremental profiling, and a stopping criterion that terminates the analysis when the leakage estimation for the top-leaking features converges. AutoFeed also automatically assigns weights to mutators in order to focus the search of the input space on exploring dimensions that are relevant to the leakage quantification. Our experimental evaluation on the benchmarks shows that AutoFeed is effective in detecting and quantifying information leaks in networked applications.

Tue 21 Jul
Times are displayed in time zone: Tijuana, Baja California change

13:30 - 14:30: SECURITYTechnical Papers at Zoom
Chair(s): Lucas BangHarvey Mudd College

Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

13:30 - 13:50
Feedback-Driven Side-Channel Analysis for Networked Applications
Technical Papers
Ismet Burak KadronUniversity of California at Santa Barbara, Nico RosnerAmazon Web Services, Tevfik BultanUniversity of California, Santa Barbara
13:50 - 14:10
Scalable Analysis of Interaction Threats in IoT SystemsACM SIGSOFT Distinguished Paper Award
Technical Papers
Mohannad Alhanahnah, Clay StevensUniversity of Nebraska-Lincoln, Hamid BagheriUniversity of Nebraska-Lincoln, USA
DOI Pre-print Media Attached
14:10 - 14:30
DeepSQLi: Deep Semantic Learning for Testing SQL Injection
Technical Papers
Muyang Liu, Ke LiUniversity of Exeter, Tao ChenLoughborough University
DOI Pre-print