User Tools

Site Tools


Inferring Secrets by Guided Experiments (BibTeX)

@inproceedings{DoBubelHaehnle-ICTAC-2017,
  author      = {Quoc Huy Do and Richard Bubel and Reiner H{\"{a}}hnle},
  title       = {{Inferring Secrets by Guided Experiments}},
  booktitle   = {Theoretical Aspects of Computing - {ICTAC} 2017 - 14th International Colloquium, Hanoi, Vietnam, October 23-27, 2017, Proceedings},
  pages       = {269-287},
  year        = 2017,
  publisher   = {Springer},
  note        = {Best paper award},
  abstract    = {A program has secure information flow if it does not leak any secret information to publicly observable output. A large number of static and dynamic analyses have been devised to check programs for secure information flow. In this paper, we present an algorithm that can carry out a systematic and efficient attack to automatically extract secrets from an insecure program. The algorithm combines static analysis and dynamic execution. The attacker strategy learns from past experiments and chooses as its next attack one that promises maximal knowledge gain about the secret. The idea is to provide the software developer with concrete information about the severity of an information leakage.},
}