2014 | OriginalPaper | Buchkapitel
LeakWatch: Estimating Information Leakage from Java Programs
verfasst von : Tom Chothia, Yusuke Kawamoto, Chris Novakovic
Erschienen in: Computer Security - ESORICS 2014
Verlag: Springer International Publishing
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents
LeakWatch
, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible “point-to-point” information leakage model, where secret and publicly-observable data may occur at any time during a program’s execution.
LeakWatch
repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information.We demonstrate how
LeakWatch
can be used to estimate the size of information leaks in a range of real-world Java programs.