LeakWatch: Estimating Information Leakage from Java Programs

Tom Chothia 1 Yusuke Kawamoto 2 Chris Novakovic 1
2 COMETE - Concurrency, Mobility and Transactions
LIX - Laboratoire d'informatique de l'École polytechnique [Palaiseau], Inria Saclay - Ile de France, X - École polytechnique, CNRS - Centre National de la Recherche Scientifique : UMR7161
Abstract : Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information. We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.
Type de document :
Communication dans un congrès
Miroslaw Kutylowski and Jaideep Vaidya. 19th European Symposium on Research in Computer Security (ESORICS 2014), Sep 2014, Wroclaw, Poland. Springer, 8713, pp.219-236, 2014, Lecture Notes in Computer Science. 〈10.1007/978-3-319-11212-1_13〉
Liste complète des métadonnées

Littérature citée [23 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01097603
Contributeur : Catuscia Palamidessi <>
Soumis le : samedi 20 décembre 2014 - 04:24:14
Dernière modification le : jeudi 10 mai 2018 - 02:06:55
Document(s) archivé(s) le : lundi 23 mars 2015 - 18:43:26

Fichier

ESORICS2014-RR.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Tom Chothia, Yusuke Kawamoto, Chris Novakovic. LeakWatch: Estimating Information Leakage from Java Programs. Miroslaw Kutylowski and Jaideep Vaidya. 19th European Symposium on Research in Computer Security (ESORICS 2014), Sep 2014, Wroclaw, Poland. Springer, 8713, pp.219-236, 2014, Lecture Notes in Computer Science. 〈10.1007/978-3-319-11212-1_13〉. 〈hal-01097603〉

Partager

Métriques

Consultations de la notice

423

Téléchargements de fichiers

193