Open AccessBook Chapter10.1007/978-3-319-11212-1_13

LeakWatch: Estimating Information Leakage from Java Programs

- 07 Sep 2014

- Vol. 8713, pp 219-236

TL;DR: It is demonstrated how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs and a new theoretical result presented in this paper and mutual information is presented.

Abstract: Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publicly-observable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage using a new theoretical result presented in this paper and mutual information.We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.

AI Agents for this Paper

Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps

Most frequently asked questions

1. What have the authors contributed in "Leakwatch: estimating information leakage from java programs" ?

This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language ; it is based on a flexible “ point-to-point ” information leakage model, where secret and publiclyobservable data may occur at any time during a program ’ s execution.. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage ( using a new theoretical result presented in this paper ) and mutual information.. The authors demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.

Fig. 2. The LeakWatch classloader hierarchy. Multiple copies of the target program can be executed simultaneously and in isolation using separate instances of the LeakWatch classloader.

Fig. 4. The influence over the first bit of the keystream of each bit in a 48-bit secret initial state for Crypto-1.

Fig. 3. An overview of the Java DC-net implementation. Diner 2 pays the bill; the final result is 1, indicating that one of the Diners paid.

Fig. 1. The sampling distributions of mutual information and min-entropy leakage (and the lower/upper bounds for min-entropy leakage’s confidence interval).

Fig. 5. The effect on LeakWatch’s execution time of increasing the amount of secret or observable information in the examples in Sections 6.1 (the number of Diners, left) and 6.3 (the number of observable bits in the encrypted OpenPGP message, right).

Citations

•Posted Content

DifFuzz: Differential Fuzzing for Side-Channel Analysis

Shirin Nilizadeh, +2 more

- 16 Nov 2018

- arXiv: Cryptography and Security

TL;DR: DifFuzz as discussed by the authors is a fuzzing-based approach for detecting side-channel vulnerabilities related to time and space, which can be applied to programs written in any language.

...read moreread less

•Book Chapter•10.1007/978-3-319-96145-3_8

Model Checking Quantitative Hyperproperties

Bernd Finkbeiner, +2 more

- 14 Jul 2018

TL;DR: In this article, the authors study quantitative hyperproperties, which express a bound on the number of traces that may appear in a certain relation, and show that the running time of the HyperLTL model checking algorithm is, depending on the type of property, exponential or even doubly exponential in the quantitative bound.

...read moreread less

•Proceedings Article•10.1109/SP.2019.00073

F-BLEAU: Fast Black-box Leakage Estimation

Giovanni Cherubin, +2 more

- 04 Feb 2019

- arXiv: Cryptography and Security

TL;DR: In this paper, the authors exploit an analogy between Machine Learning and black-box leakage estimation to show that the Bayes risk of a system can be estimated by using a class of ML methods: the universally consistent learning rules; these rules can exploit patterns in the input-output examples to improve the estimates' convergence.

...read moreread less

Journal Article•10.1145/3330392

Verifying and Quantifying Side-channel Resistance of Masked Software Implementations

Pengfei Gao, +3 more

- 18 Jul 2019

- ACM Transactions on Software Engineering...

TL;DR: Power side-channel attacks, capable of deducing secret data using statistical analysis, have become a serious threat and Random masking is a widely used countermeasure for removing the statistical bias in these attacks.

...read moreread less

•Proceedings Article•10.1109/ICSE.2019.00034

DifFuzz: differential fuzzing for side-channel analysis

Shirin Nilizadeh, +2 more

- 25 May 2019

TL;DR: DifFuzz as discussed by the authors is a fuzzing-based approach for detecting side-channel vulnerabilities related to time and space, which can be applied to programs written in any language.

...read moreread less

...

Expand

References

Journal Article•10.1002/J.1538-7305.1948.TB01338.X

A mathematical theory of communication

Claude E. Shannon

- 01 Jul 1948

- Bell System Technical Journal

TL;DR: This final installment of the paper considers the case where the signals or the messages or both are continuously variable, in contrast with the discrete nature assumed until now.

...read moreread less

74.4K

[신간의 별자리x] 우리/미술, 그리고 ‘슬픔의 박물관’

이화영

- 01 Jan 2015

12.9K

•Journal Article•10.1080/14786440009463897

X. On the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling

Karl Pearson

- 01 Jul 1900

- Philosophical Magazine Series 1

TL;DR: In this article, a system of deviations from the means of n variables with standard deviations σ 1, σ 2 σ σ n and with correlations r12, r13, r23, r n −1,n.

...read moreread less

3.6K

•Book

Cryptography and data security

Dorothy E. Denning

- 01 Jan 1982

TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.

...read moreread less

2.2K

•Journal Article•10.1007/BF00206326

The dining cryptographers problem: unconditional sender and recipient untraceability

David Chaum

- 01 Mar 1988

- Journal of Cryptology

TL;DR: The solution presented here is unconditionally or cryptographically secure, depending on whether it is based on one-time-use keys or on public keys, respectively, and can be adapted to address efficiently a wide variety of practical considerations.

...read moreread less

1.6K

...

Expand

LeakWatch: Estimating Information Leakage from Java Programs

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What have the authors contributed in "Leakwatch: estimating information leakage from java programs" ?

Figures

Citations

DifFuzz: Differential Fuzzing for Side-Channel Analysis

Model Checking Quantitative Hyperproperties

F-BLEAU: Fast Black-box Leakage Estimation

Verifying and Quantifying Side-channel Resistance of Masked Software Implementations

DifFuzz: differential fuzzing for side-channel analysis

References

A mathematical theory of communication

[신간의 별자리x] 우리/미술, 그리고 ‘슬픔의 박물관’

X. On the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling

Cryptography and data security

The dining cryptographers problem: unconditional sender and recipient untraceability

Related Papers (5)

On the Foundations of Quantitative Information Flow

An information-theoretic model for adaptive side-channel attacks

Probabilistic Point-to-Point Information Leakage

Measuring Information Leakage Using Generalized Gain Functions

Statistical measurement of information leakage