Skip to Main content Skip to Navigation
Conference papers

LeakWatch: Estimating Information Leakage from Java Programs

Tom Chothia 1 Yusuke Kawamoto 2 Chris Novakovic 1
2 COMETE - Concurrency, Mobility and Transactions
Inria Saclay - Ile de France, LIX - Laboratoire d'informatique de l'École polytechnique [Palaiseau]
Abstract : Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information. We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.
Document type :
Conference papers
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download

https://hal.inria.fr/hal-01097603
Contributor : Catuscia Palamidessi <>
Submitted on : Saturday, December 20, 2014 - 4:24:14 AM
Last modification on : Thursday, March 5, 2020 - 6:29:52 PM
Long-term archiving on: : Monday, March 23, 2015 - 6:43:26 PM

File

ESORICS2014-RR.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Tom Chothia, Yusuke Kawamoto, Chris Novakovic. LeakWatch: Estimating Information Leakage from Java Programs. 19th European Symposium on Research in Computer Security (ESORICS 2014), Sep 2014, Wroclaw, Poland. pp.219-236, ⟨10.1007/978-3-319-11212-1_13⟩. ⟨hal-01097603⟩

Share

Metrics

Record views

580

Files downloads

461