Exploit Generation for Information Flow Leaks in Object-Oriented Programs - ICT Systems Security and Privacy Protection
Conference Papers Year : 2015

Exploit Generation for Information Flow Leaks in Object-Oriented Programs

Abstract

We present a method to generate automatically exploits for information flow leaks in object-oriented programs. Our approach combines self-composition and symbolic execution to compose an insecurity formula for a given information flow policy and a specification of the security level of the program locations. The insecurity formula gives then rise to a model which is used to generate input data for the exploit.A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.
Fichier principal
Vignette du fichier
337885_1_En_27_Chapter.pdf (476.77 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01345131 , version 1 (13-07-2016)

Licence

Identifiers

Cite

Quoc Huy Do, Richard Bubel, Reiner Hähnle. Exploit Generation for Information Flow Leaks in Object-Oriented Programs. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.401-415, ⟨10.1007/978-3-319-18467-8_27⟩. ⟨hal-01345131⟩
160 View
207 Download

Altmetric

Share

More