Information Leakage in Cyber-Physical Systems

Guest Info

Tevfik Bultan is a Professor in the Department of Computer Science at the University of California, Santa Barbara (UCSB). His research interests are in software verification, program analysis, software engineering, and computer security. He co-chaired the program committees of the 9th International Symposium on Automated Technology for Verification and Analysis (ATVA 2011), the 20th International Symposium on the Foundations of Software Engineering (FSE 2012) which is the flagship conference of ACM SIGSOFT, the 28th IEEE/ACM International Conference on Automated Software Engineering (ASE 2013) and the 41st ACM/IEEE International Conference on Software Engineering (ICSE 2019) which is the premier software engineering conference in the world. He was the general chair of the 2017 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2017). He served as the chair (2019-2023) and vice chair (2005-2009) of the Department of Computer Science at UCSB.

Tevfik Bultan is the recipient of a NATO Science Fellowship from the Scientific and Technical Research Council of Turkey (TUBITAK), a Regents’ Junior Faculty Fellowship from the University of California, Santa Barbara, a Faculty Early Career Development (CAREER) Award from the National Science Foundation, two ACM SIGSOFT Distinguished Paper Awards, a Best Paper Award from International Conference on Automated Software Engineering (ASE), and the UCSB Academic Senate Outstanding Graduate Mentor Award. He was recognized as an ACM Distinguished Scientist in 2016.

Abstract

A crucial problem in computer security is detecting information leakage via side channels. Information gained by observing non-functional properties of cyber-physical systems can enable attackers to infer private and sensitive information accessed by the system. For example, observations about execution time, memory usage, or timing and sizes of network packets can all leak sensitive information. In this talk, I will discuss techniques for detecting and quantifying information leakage. I will also discuss how an adversary can use observations about system behaviors to construct input sequences that recover secret information. Finally, I will discuss mitigation techniques for preventing information leakage.