Overview

Data-driven software is advancing fast and has been pervasively applied in critical domains such as malware detection, self-driving car, and criminal justice. While most existing testing and debugging techniques provide supports for the functional correctness of software, the support for meta properties such as performance, side channels, and fairness is scarce. In this talk, Tizpaz-Niari will first overview an application of data-driven technique to address confidentiality bugs in core Java libraries. In doing so, he will showcase an integration of gray-box fuzzing, quantitative information flow, statistical fault localizations, and non-linear optimizations to detect, quantify, localize, and mitigation information leaks via side channels. Then, he will present an adaption of such integration to address performance defects and fairness bugs in machine learning libraries. Throughout of his talk, Tizpaz-Niari will demonstrate real-world bugs discovered by the data-driven approach in popular and critical open-source libraries such as scikit-learn, OpenJDK, and Apache that have since been fixed by their developers.