LeakWatch: Estimating Information Leakage from Java Programs - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2014

LeakWatch: Estimating Information Leakage from Java Programs

Résumé

Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information. We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.
Fichier principal
Vignette du fichier
ESORICS2014-RR.pdf (271.81 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01097603 , version 1 (20-12-2014)

Identifiants

Citer

Tom Chothia, Yusuke Kawamoto, Chris Novakovic. LeakWatch: Estimating Information Leakage from Java Programs. 19th European Symposium on Research in Computer Security (ESORICS 2014), Sep 2014, Wroclaw, Poland. pp.219-236, ⟨10.1007/978-3-319-11212-1_13⟩. ⟨hal-01097603⟩
277 Consultations
209 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More