LeakWatch: Estimating information leakage from Java programs

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution


External organisations

  • Ecole Polytechnique Fédérale de Lausanne
  • Birmingham University


Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information. We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.


Original language: English
Title of host publication: Computer Security - ESORICS 2014
Subtitle of host publication: 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II
Editors: Mirosław Kutyłowski, Jaideep Vaidya
Publication status: Published - 2014
Event: 19th European Symposium on Research in Computer Security, ESORICS 2014 - Wroclaw, Poland
Duration: 7 Sep 2014 to 11 Sep 2014

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number: PART 2
Volume: 8713 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 19th European Symposium on Research in Computer Security, ESORICS 2014


  • java, min-entropy leakage, mutual information, quantitative information flow, statistical estimation