Software Security Testing

Importance of information security has been rapidly increasing due to the high number of reported incidences of attacks and related losses thereof. This trend has led to the development of many cryptographic software systems. However, research on software quality assurance techniques to ensure the quality of these cryptographic systems has been lagging behind.

In this project, we develop techniques to test cryptographic software systems for possible information leaks on sensitive and secret data (e.g., secret and private keys), and for security holes. We furthermore develop a security profiler tool that quantifies the amount of information leaking and that helps developers pinpoint the code segments which is the culprit of the observed leakage.