Exploit Generation for Information Flow Leaks in Object-Oriented Programs

Abstract : We present a method to generate automatically exploits for information flow leaks in object-oriented programs. Our approach combines self-composition and symbolic execution to compose an insecurity formula for a given information flow policy and a specification of the security level of the program locations. The insecurity formula gives then rise to a model which is used to generate input data for the exploit.A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.
Type de document :
Communication dans un congrès
Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.401-415, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_27〉
Liste complète des métadonnées

Littérature citée [27 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01345131
Contributeur : Hal Ifip <>
Soumis le : mercredi 13 juillet 2016 - 11:09:29
Dernière modification le : mercredi 13 juillet 2016 - 11:18:41

Fichier

337885_1_En_27_Chapter.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Quoc Do, Richard Bubel, Reiner Hähnle. Exploit Generation for Information Flow Leaks in Object-Oriented Programs. Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.401-415, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_27〉. 〈hal-01345131〉

Partager

Métriques

Consultations de la notice

53

Téléchargements de fichiers

15