2015 | OriginalPaper | Buchkapitel
Exploit Generation for Information Flow Leaks in Object-Oriented Programs
verfasst von : Quoc Huy Do, Richard Bubel, Reiner Hähnle
Erschienen in: ICT Systems Security and Privacy Protection
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
We present a method to generate automatically exploits for information flow leaks in object-oriented programs. Our approach combines self-composition and symbolic execution to compose an
insecurity formula
for a given information flow policy and a specification of the security level of the program locations. The insecurity formula gives then rise to a model which is used to generate input data for the exploit.
A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.