Projects per year
Abstract
Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information.We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.
Original language | English |
---|---|
Title of host publication | Computer Security - ESORICS 2014 |
Subtitle of host publication | 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings, Part II |
Editors | Mirosław Kutyłowski, Jaideep Vaidya |
Publisher | Springer |
Pages | 219-236 |
Number of pages | 18 |
Volume | 8713 LNCS |
Edition | PART 2 |
ISBN (Electronic) | 9783319112121 |
ISBN (Print) | 9783319112114 |
DOIs | |
Publication status | Published - 2014 |
Event | 19th European Symposium on Research in Computer Security, ESORICS 2014 - Wroclaw, Poland Duration: 7 Sept 2014 → 11 Sept 2014 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Number | PART 2 |
Volume | 8713 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 19th European Symposium on Research in Computer Security, ESORICS 2014 |
---|---|
Country/Territory | Poland |
City | Wroclaw |
Period | 7/09/14 → 11/09/14 |
Keywords
- java
- min-entropy leakage
- mutual information
- quantitative information flow
- statistical estimation
ASJC Scopus subject areas
- Computer Science(all)
- Theoretical Computer Science
Fingerprint
Dive into the research topics of 'LeakWatch: Estimating information leakage from java programs'. Together they form a unique fingerprint.Projects
- 1 Finished
-
First Grant scheme: New Techniques for Finding and Analysing Information Leaks
Engineering & Physical Science Research Council
2/04/12 → 1/08/13
Project: Research Councils