Skip to Main content Skip to Navigation
Conference papers

LeakWatch: Estimating Information Leakage from Java Programs

Tom Chothia 1 Yusuke Kawamoto 2 Chris Novakovic 1
2 COMETE - Concurrency, Mobility and Transactions
Inria Saclay - Ile de France, LIX - Laboratoire d'informatique de l'École polytechnique [Palaiseau]
Abstract : Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information. We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.
Document type :
Conference papers
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download
Contributor : Catuscia Palamidessi Connect in order to contact the contributor
Submitted on : Saturday, December 20, 2014 - 4:24:14 AM
Last modification on : Thursday, January 20, 2022 - 4:16:09 PM
Long-term archiving on: : Monday, March 23, 2015 - 6:43:26 PM


Files produced by the author(s)




Tom Chothia, Yusuke Kawamoto, Chris Novakovic. LeakWatch: Estimating Information Leakage from Java Programs. 19th European Symposium on Research in Computer Security (ESORICS 2014), Sep 2014, Wroclaw, Poland. pp.219-236, ⟨10.1007/978-3-319-11212-1_13⟩. ⟨hal-01097603⟩



Record views


Files downloads