Methodologies, Techniques, and Tools for Understanding and Managing Sensitive Program Information

dc.contributor.authorLiu, Yinen
dc.contributor.committeechairTilevich, Elien
dc.contributor.committeememberMeng, Naen
dc.contributor.committeememberServant Cortes, Francisco Javieren
dc.contributor.committeememberChiba, Shigeruen
dc.contributor.committeememberGulzar, Muhammad Alien
dc.contributor.departmentComputer Scienceen
dc.date.accessioned2021-05-21T08:00:24Zen
dc.date.available2021-05-21T08:00:24Zen
dc.date.issued2021-05-20en
dc.description.abstractExfiltrating or tampering with certain business logic, algorithms, and data can harm the security and privacy of both organizations and end users. Collectively referred to as sensitive program information (SPI), these building blocks are part and parcel of modern software systems in domains ranging from enterprise applications to cyberphysical setups. Hence, protecting SPI has become one of the most salient challenges of modern software development. However, several fundamental obstacles stand on the way of effective SPI protection: (1) understanding and locating the SPI for any realistically sized codebase by hand is hard; (2) manually isolating SPI to protect it is burdensome and error-prone; (3) if SPI is passed across distributed components within and across devices, it becomes vulnerable to security and privacy attacks. To address these problems, this dissertation research innovates in the realm of automated program analysis, code transformation, and novel programming abstractions to improve the state of the art in SPI protection. Specifically, this dissertation comprises three interrelated research thrusts that: (1) design and develop program analysis and programming support for inferring the usage semantics of program constructs, with the goal of helping developers understand and identify SPI; (2) provide powerful programming abstractions and tools that transform code automatically, with the goal of helping developers effectively isolate SPI from the rest of the codebase; (3) provide programming mechanism for distributed managed execution environments that hides SPI, with the goal of enabling components to exchange SPI safely and securely. The novel methodologies, techniques, and software tools, supported by programming abstractions, automated program analysis, and code transformation of this dissertation research lay the groundwork for establishing a secure, understandable, and efficient foundation for protecting SPI. This dissertation is based on 4 conference papers, presented at TrustCom'20, GPCE'20, GPCE'18, and ManLang'17, as well as 1 journal paper, published in Journal of Computer Languages (COLA).en
dc.description.abstractgeneralSome portions of a computer program can be sensitive, referred to as sensitive program information (SPI). By compromising SPI, attackers can hurt user security/privacy. It is hard for developers to identify and protect SPI, particularly for large programs. This dissertation introduces novel methodologies, techniques, and software tools that facilitate software developments tasks concerned with locating and protecting SPI.en
dc.description.degreeDoctor of Philosophyen
dc.format.mediumETDen
dc.identifier.othervt_gsexam:31045en
dc.identifier.urihttp://hdl.handle.net/10919/103421en
dc.publisherVirginia Techen
dc.rightsIn Copyrighten
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/en
dc.subjectSoftware Engineeringen
dc.subjectProgram Analysis and Transformationen
dc.subjectProgram Comprehensionen
dc.subjectTrusted Execution Environmenten
dc.subjectMiddlewareen
dc.titleMethodologies, Techniques, and Tools for Understanding and Managing Sensitive Program Informationen
dc.typeDissertationen
thesis.degree.disciplineComputer Science and Applicationsen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.leveldoctoralen
thesis.degree.nameDoctor of Philosophyen

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Liu_Y_D_2021.pdf
Size:
2.58 MB
Format:
Adobe Portable Document Format