Abstract: In my thesis "Timing Sensitive Dependency Analysis and its Application to Software Security", I present new methods for the static analysis of timing-sensitive information flow control in software systems. I apply these methods to the analysis of concurrent Java programs, as well as to the analysis of timing side-channels in implementations of cryptographic primitives.
In this VirtualBox machine image, I provide implementations of all new algorithms of my thesis, and randomized test properties for all formal Observations in the thesis.
TechnicalRemarks: This is the artifact corresponding to the thesis
"Timing Sensitive Dependency Analysis and its Application to Software Security" by Martin Hecker
The VirtualBox virtual machine image
dissertation-vm
can be used by logging in via
user: hecker
password: hecker
In the user's home directory, you will find in
randomized-tests.git/
— in the language Haskell — both implementations of the submission's algorithms, and randomized tests that verify the submission's Observations.
randomized-tests.git/src/test/Program/Properties/DissObservations.hs
contains the randomized tests corresponding to the dissertation's Observations.
The results can be reproduced within the virtual machine image with the help of the provided shell runners. From the user's home directory, run
- ./randomized-tests
to run once all randomized tests except those marked 'slow', which are randomized tests that may run for several minutes on some randomized inputs.
- ./randomized-tests-slow
to run once all those randomized tests marked 'slow'.
- ./randomized-tests-forever
or ./randomized-tests-slow-forever
to run the randomized tests forever, only terminating if a counter-example to the submission's Observations is found.