LeakWatch: Estimating information leakage from java programs

Tom Chothia; Yusuke Kawamoto; Chris Novakovic

doi:10.1007/978-3-319-11212-1_13

LeakWatch: Estimating information leakage from java programs

Tom Chothia
, Yusuke Kawamoto
, Chris Novakovic

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

27 Citations (Scopus)

Abstract

Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information.We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.

Original language	English
Title of host publication	Computer Security - ESORICS 2014
Subtitle of host publication	19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II
Editors	Mirosław Kutyłowski, Jaideep Vaidya
Publisher	Springer
Pages	219-236
Number of pages	18
Volume	8713 LNCS
Edition	PART 2
ISBN (Electronic)	9783319112121
ISBN (Print)	9783319112114
DOIs	https://doi.org/10.1007/978-3-319-11212-1_13
Publication status	Published - 2014
Event	19th European Symposium on Research in Computer Security, ESORICS 2014 - Wroclaw, Poland Duration: 7 Sept 2014 → 11 Sept 2014

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	PART 2
Volume	8713 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th European Symposium on Research in Computer Security, ESORICS 2014
Country/Territory	Poland
City	Wroclaw
Period	7/09/14 → 11/09/14

Keywords

java
min-entropy leakage
mutual information
quantitative information flow
statistical estimation

ASJC Scopus subject areas

General Computer Science
Theoretical Computer Science

Access to Document

10.1007/978-3-319-11212-1_13

First Grant scheme: New Techniques for Finding and Analysing Information Leaks
Chothia, T. (Principal Investigator)
Engineering & Physical Science Research Council
2/04/12 → 1/08/13
Project: Research Councils

Cite this

Chothia, T., Kawamoto, Y., & Novakovic, C. (2014). LeakWatch: Estimating information leakage from java programs. In M. Kutyłowski, & J. Vaidya (Eds.), Computer Security - ESORICS 2014 : 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II (PART 2 ed., Vol. 8713 LNCS, pp. 219-236). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8713 LNCS, No. PART 2). Springer. https://doi.org/10.1007/978-3-319-11212-1_13

Chothia, Tom ; Kawamoto, Yusuke ; Novakovic, Chris. / LeakWatch : Estimating information leakage from java programs. Computer Security - ESORICS 2014 : 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II. editor / Mirosław Kutyłowski ; Jaideep Vaidya . Vol. 8713 LNCS PART 2. ed. Springer, 2014. pp. 219-236 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 2).

@inproceedings{7e91e0679fcc4da7be6112642db8d7f2,

title = "LeakWatch: Estimating information leakage from java programs",

abstract = "Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible {"}point-to-point{"} information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information.We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.",

keywords = "java, min-entropy leakage, mutual information, quantitative information flow, statistical estimation",

author = "Tom Chothia and Yusuke Kawamoto and Chris Novakovic",

year = "2014",

doi = "10.1007/978-3-319-11212-1\_13",

language = "English",

isbn = "9783319112114",

volume = "8713 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

number = "PART 2",

pages = "219--236",

editor = "Kuty{\l}owski, \{Miros{\l}aw \} and \{ Vaidya \}, Jaideep",

booktitle = "Computer Security - ESORICS 2014",

edition = "PART 2",

note = "19th European Symposium on Research in Computer Security, ESORICS 2014 ; Conference date: 07-09-2014 Through 11-09-2014",

}

Chothia, T, Kawamoto, Y & Novakovic, C 2014, LeakWatch: Estimating information leakage from java programs. in M Kutyłowski & J Vaidya (eds), Computer Security - ESORICS 2014 : 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II. PART 2 edn, vol. 8713 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 2, vol. 8713 LNCS, Springer, pp. 219-236, 19th European Symposium on Research in Computer Security, ESORICS 2014, Wroclaw, Poland, 7/09/14. https://doi.org/10.1007/978-3-319-11212-1_13

LeakWatch: Estimating information leakage from java programs. / Chothia, Tom; Kawamoto, Yusuke; Novakovic, Chris.
Computer Security - ESORICS 2014 : 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II. ed. / Mirosław Kutyłowski; Jaideep Vaidya . Vol. 8713 LNCS PART 2. ed. Springer, 2014. p. 219-236 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8713 LNCS, No. PART 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - LeakWatch

T2 - 19th European Symposium on Research in Computer Security, ESORICS 2014

AU - Chothia, Tom

AU - Kawamoto, Yusuke

AU - Novakovic, Chris

PY - 2014

Y1 - 2014

N2 - Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information.We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.

AB - Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information.We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.

KW - java

KW - min-entropy leakage

KW - mutual information

KW - quantitative information flow

KW - statistical estimation

UR - https://www.scopus.com/pages/publications/84906489356

U2 - 10.1007/978-3-319-11212-1_13

DO - 10.1007/978-3-319-11212-1_13

M3 - Conference contribution

AN - SCOPUS:84906489356

SN - 9783319112114

VL - 8713 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 219

EP - 236

BT - Computer Security - ESORICS 2014

A2 - Kutyłowski, Mirosław

A2 - Vaidya , Jaideep

PB - Springer

Y2 - 7 September 2014 through 11 September 2014

ER -

Chothia T, Kawamoto Y, Novakovic C. LeakWatch: Estimating information leakage from java programs. In Kutyłowski M, Vaidya J, editors, Computer Security - ESORICS 2014 : 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II. PART 2 ed. Vol. 8713 LNCS. Springer. 2014. p. 219-236. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 2). doi: 10.1007/978-3-319-11212-1_13

LeakWatch: Estimating information leakage from java programs

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Projects

First Grant scheme: New Techniques for Finding and Analysing Information Leaks

Cite this