The problem of identifying security vulnerabilities resulting from flawed algorithms, and not just flawed implementations, has not been addressed adequately by previous research. Specifically, we want to identify when an algorithm could exceed a given bound on the running time or the amount of memory used.
To enable users to identify these flaws more easily, we developed an interactive visualization system. Our visualization shows the user a graph of the possible execution paths of a Java application, and the code that produced each path. To allow for easy pattern recognition, we construct similar layouts for similar programmatic structures. We also highlight sections of the code that seem likely to cause problems.
Preliminary experiments show that these features successfully enhance a user's ability to find algorithmic vulnerabilities efficiently.
Joint work with Jawaherul Alan and Michael Goodrich.