Track C: Experimentation

This track tests the theory established in other tracks with substantial applications, performing the security analyses on real Java programs whose security properties are of interest. The track itself is divided into three phases: (1) The construction of prototype software which implements the algorithms/methods developed in Track B; (2) The application of this tool to non-trivial Java programs; and (3) assessment of the results, from both practical and theoretical viewpoints. Candidates programs include Java versions of slogin and ssh, as well as, for quantitative secrecy, password programs and programs which are pertinent to timing attacks. One of the most challenging points in this track is the development of algorithmic tools to analyse quantitative secrecy in programs.