Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, Epiciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Conference papers

Exploit Generation for Information Flow Leaks in Object-Oriented Programs

Abstract : We present a method to generate automatically exploits for information flow leaks in object-oriented programs. Our approach combines self-composition and symbolic execution to compose an insecurity formula for a given information flow policy and a specification of the security level of the program locations. The insecurity formula gives then rise to a model which is used to generate input data for the exploit.A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.
Document type :
Conference papers
Complete list of metadata

Cited literature [27 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Wednesday, July 13, 2016 - 11:09:29 AM
Last modification on : Wednesday, July 13, 2016 - 11:18:41 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Quoc Huy Do, Richard Bubel, Reiner Hähnle. Exploit Generation for Information Flow Leaks in Object-Oriented Programs. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.401-415, ⟨10.1007/978-3-319-18467-8_27⟩. ⟨hal-01345131⟩



Record views


Files downloads