We present a method to automatically generate exploits for information flow leaks in object-oriented programs. Our approach combines self-composition and symbolic execution to compose an insecurity formula for a given information flow policy and a specification of the security level of the program locations.
The insecurity formula then gives rise to a model, which is used to generate input data for the exploit.
A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.
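
The self-composition idea described above, as an added example that is not KEG's code or output: two copies of a program run on the same low input, and a search looks for two secrets that make the observable output differ. The methods `leaky` and `secure`, the `Witness` record and the bounded enumeration (which stands in for symbolic execution and a constraint solver) are assumptions made for illustration; security levels are attached to parameters and the return value rather than to object fields, and Java 16 or later is assumed.

```java
import java.util.Optional;
import java.util.function.IntBinaryOperator;

public class SelfCompositionDemo {
    // Hypothetical programs under test: 'high' is the secret, 'low' is public input.
    // The return value has security level low, so an observer can see it.
    static int leaky(int low, int high) {
        return high > low ? 1 : 0;          // implicit flow: branch on the secret
    }

    static int secure(int low, int high) {
        int tmp = high * 2;                 // secret is used but never reaches the output
        return low + 1;
    }

    /** Leak witness: one low input, two secrets, two different low outputs. */
    record Witness(int low, int high1, int high2, int out1, int out2) {}

    // Self-composition: execute two copies of the program on equal low inputs and
    // search for high inputs that make the low outputs differ. Bounded enumeration
    // replaces symbolic execution plus model generation in this sketch.
    static Optional<Witness> findLeak(IntBinaryOperator program, int bound) {
        for (int low = -bound; low <= bound; low++)
            for (int h1 = -bound; h1 <= bound; h1++)
                for (int h2 = h1 + 1; h2 <= bound; h2++) {
                    int o1 = program.applyAsInt(low, h1);
                    int o2 = program.applyAsInt(low, h2);
                    if (o1 != o2)
                        return Optional.of(new Witness(low, h1, h2, o1, o2));
                }
        return Optional.empty();            // no violation found within the bound
    }

    public static void main(String[] args) {
        System.out.println("leaky:  " + findLeak(SelfCompositionDemo::leaky, 3));
        System.out.println("secure: " + findLeak(SelfCompositionDemo::secure, 3));
    }
}
```

An empty result for `secure` only means no violation exists within the searched bound; it is not a proof of noninterference.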