Erdem Kaya is interested in modeling the data, visualizing the information, and grounding the knowledge based on data analytic techniques. He is also into the topics from human-computer interaction literature such as user experience modeling, and application evaluation about which he had the opportunity to delve deeper during his M.S. studies in the University of Wisconsin-Madison. He is currently a dissertator in Sabanci University and a software designer in Naval Tactical Doctrine and Analysis Center (NTADAC - TURNAV).

-------

Speaker: Ali Can Atici (Sabanci University)
Title: Removing Profiling Phase of Cache-Timing Attacks

Abstract:
Theoretically secure cryptographic algorithms can be vulnerable to attacks due to their implementation flaws, which disclose
side-channel information about the secret key. Bernstein's attack is a well known cache-timing attack which uses execution time
as the side-channel. The major drawback of this attack is that it needs an identical target machine to perform its profiling phase
where the attacker models the cache timing-behavior of the target machine. This assumption makes the attack unrealistic in many circumstances. In this work, we present an effective method to eliminate the profiling phase. We propose a methodology to model the cache timing-behavior of the target machine by trying hypothetical cache timing-behaviors exhaustively. To test the validity of the proposed method, we performed the Bernstein attack and showed that, the non-profiled Bernstein attack has an equivalent performance compared to the original attack which uses a profiling phase, and it even performs better in some of the cases.

Bio:

Ali Can Atici received his bachelor degree from Istanbul Technical University, Electronics Engineering program in 2006. Afterwards he started to his master of science in the same university and in the same program. During his studies he focused on digital design, FPGA design, low power digital design, VHDL, cryptographic algorithm implementation in VHDL and side-channel analysis. He spent his one year in the COSIC labaratory of Katholieke Universiteit Leuven, Belgium, where he conducted his master of science studies. In 2010, he started to his Phd, in Computer Sciences and Engineering program in Sabanci University. Currently he is working on side-channel analysis, specifically on cache-timing attacks, of software cryptographic algorithm implementations.

Abstract:
Mobile platforms are becoming the predominant computing environments. The widespread usage in consumer and enterprise mobile devices and operating systems increases the severity of the problem of handling software defects. Mobile devices come in various operating systems, sizes, computing powers, hardware settings and have many areas of use. This is commonly known as the “fragmentation problem”. Software developers typically struggle to provide inclusive support for this diversity, unless extensive budgets are spent for procuring required hardware. The fragmentation problem is but one side of the problem at hand. The mobile device, its operating system, and the related programming APIs are often relatively new and untested. The working mechanics of the complete system is very complex. This aspect of mobile platforms increases the need for domain expertise and knowledge of many testing frameworks.

Our research focuses on building a novel cloud testing platform specialized for software testing. The state of the art commercial and academic cloud testing services have been dealing with static code analysis and test case execution on the cloud. Our novel approach aims to perform dynamic analysis on mobile application binaries, generate the model of the application, its test cases and test input sets on the run. Domain information generated via dynamic analysis and utilization of combinatorial interaction testing for test case and input set analysis is used for improving the systems coverage capability. The system will be a self learning system in the sense that the lessons learned from testing one application will be used to test another application.

Bio:
Mehmet Çağrı Çalpur is a Ph.D. student in Computer Science and Engineering Program in Sabancı University. He is a member of SUSOFT: Software Engineering Research Group. He received his M.S. degree in Computer Science from Sabancı University and his B.S. degree in Computer Engineering from Bilkent University. He is interested in Software Engineering, Testing and Quality Assurance, Programming Languages, Mobile Operating Systems, Web & Mobile Services and Cloud Computing. His current research is about building a cloud infrastructure for mobile application testing, with self learning capabilities which utilizes dynamic analysis of mobile applications and test case generation/execution.