MIT Libraries homeDSpace@MIT

We present a new technique for determining how much information abouta program's secret inputs is revealed by its public outputs. Incontrast to previous techniques based on reachability from secretinputs (tainting), it ...

This paper describes a technique that helps a test engineerselect, from a large set of randomly generated testinputs, a small subset likely to reveal faults in the softwareunder test. The technique takes a program or ...

Many automatic testing, analysis, and verification techniques for programs can be effectively reduced to a constraint-generation phase followed by a constraint-solving phase. This separation of concerns often leads to more ...

We present a technique for finding security vulnerabilitiesin Web applications. SQL Injection (SQLI) and cross-sitescripting (XSS) attacks are widespread forms of attackin which the attacker crafts the input to the application ...

We present a new approach for tracking programs' use of data througharbitrary calculations, to determine how much information about secretinputs is revealed by public outputs. Using a fine-grained dynamicbit-tracking ...

This research proposes and evaluates techniques for selectingpredicates for conditional program properties—thatis, implications such as p ) q whose consequent must betrue whenever the predicate is true. Conditional ...

Knowing which method parameters may be mutated during a method'sexecution is useful for many software engineering tasks. We presentan approach to discovering parameter immutability, in which severallightweight, scalable ...

It is difficult to fix a problem without being able to reproduce it.However, reproducing a problem is often difficult and time-consuming.This paper proposes a novel algorithm, ReCrash, that generatesmultiple unit tests ...

We have created a framework for adding custom type qualifiers to the Javalanguage in a backward-compatible way. The type system designer definesthe qualifiers and creates a compiler plug-in that enforces theirsemantics. ...

Test factoring creates fast, focused unit tests from slow system-widetests; each new unit test exercises only a subset of the functionalityexercised by the system test. Augmenting a test suite with factoredunit tests ...