Combinatorial Security Testing: Combinatorial Testing Meets Information Security

Over the recent years, a number of combinatorial strategies have been devised to help testers choose subsets of input combinations that would maximize the probability of detecting faults, with combinatorial testing being the most prominent one. Combinatorial testing has been successfully applied for testing (critical) software systems in large organizations and is an already proven method for security testing of large-scale software systems. In this talk we review recent advances on web application security testing and testing of operating systems and explore the applicability of combinatorial testing to new promising application domains of information security. In particular, as part of the newly spawned combinatorial security testing project between SBA Research and NIST ACTS project team, we address how combinatorial testing can be applied to (1) ensure proper error-handling of security protocols and (2) provide the theoretical guarantees for triggering FPGA Cryptographic Trojans. Besides providing the details of the combinatorial models, we also hinder on the technical challenges that need to be solved in the foundations of combinatorial testing. The talk is concluded with some open research problems and directions for future research.

Speaker Bio: Dimitris E. Simos is key researcher at SBA Research working on mathematical aspects of information security and an adjunct lecturer at Vienna University of Technology. He is currently leading the Combinatorics, Codes and Information Security (CCIS) research group at SBA Research. Dimitris has a keen interest on combinatorial designs and error-correcting codes. His research interests extend to the application of combinatorial designs to software testing, combinatorial testing in particular, error-correcting codes and their applications to post-quantum cryptography, optimization algorithms, symbolic computation and in general all mathematical aspects of information security. He received his bachelorÆs degree in Mathematics (2006) from the University of Athens. He holds a masterÆs degree in Applied Mathematical Sciences (2007) and a Ph.D. in Discrete Mathematics and Combinatorics (2011), both obtained from the National Technical University of Athens. He also held the status of a Marie Curie Fellow within a 3-year ERCIM grant (2012-2015) awarded by the European Commission. In particular, after his Ph.D. and before joining SBA Research, he was an ERCIM/Marie Curie Post-Doctoral Fellow within Project-Team SECRET of INRIA Paris-Rocquencourt research center working on the design and analysis of cryptographic algorithms, especially through the study of the involved discrete structures. He is the author of over sixty papers in discrete mathematics and their applications to computer science and a Fellow of the Institute of Combinatorics and its Applications (FTICA), an achievement awarded on the basis of the quality of his scientific publications. He is a member of the editorial board of three international peer-reviewed journals and has served as a program committee (PC) member for various international conferences, ESORICS (2015), BalkanCryptSec (2014, 2015), ARES (2012, 2013, 2014, 2015), IWCT (2015) among others. He was also MoCrySEn (2012, 2013), Program Chair and he will serve in the organizing committee of IWCT 2016 and QRS 2016. He is also a member of IEEE, ICA, ERCIM expert group on security and privacy, various COST actions and MIR Labs.

Presentation Slides: PDF

Note: Visitors from outside NIST must contact Cathy Graham; (301) 975-3800; at least 24 hours in advance.