Skip to Main content Skip to Navigation
Conference papers

Exploit Generation for Information Flow Leaks in Object-Oriented Programs

Abstract : We present a method to generate automatically exploits for information flow leaks in object-oriented programs. Our approach combines self-composition and symbolic execution to compose an insecurity formula for a given information flow policy and a specification of the security level of the program locations. The insecurity formula gives then rise to a model which is used to generate input data for the exploit.A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.
Document type :
Conference papers
Complete list of metadatas

Cited literature [27 references]  Display  Hide  Download

https://hal.inria.fr/hal-01345131
Contributor : Hal Ifip <>
Submitted on : Wednesday, July 13, 2016 - 11:09:29 AM
Last modification on : Wednesday, July 13, 2016 - 11:18:41 AM

File

337885_1_En_27_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Quoc Do, Richard Bubel, Reiner Hähnle. Exploit Generation for Information Flow Leaks in Object-Oriented Programs. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.401-415, ⟨10.1007/978-3-319-18467-8_27⟩. ⟨hal-01345131⟩

Share

Metrics

Record views

234

Files downloads

211