LeakWatch: Estimating Information Leakage from Java Programs

  • Tom Chothia
  • Yusuke Kawamoto
  • Chris Novakovic
Conference paper

DOI: 10.1007/978-3-319-11212-1_13

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)
Cite this paper as:
Chothia T., Kawamoto Y., Novakovic C. (2014) LeakWatch: Estimating Information Leakage from Java Programs. In: Kutyłowski M., Vaidya J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8713. Springer, Cham

Abstract

Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible “point-to-point” information leakage model, where secret and publicly-observable data may occur at any time during a program’s execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information. We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.

Keywords

Quantitative information flow; statistical estimation; Java; mutual information; min-entropy leakage

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Tom Chothia (1)
  • Yusuke Kawamoto (2)
  • Chris Novakovic (1)

  1. School of Computer Science, University of Birmingham, UK
  2. INRIA Saclay & LIX, École Polytechnique, France
