User Tools

Site Tools

Exploit Generation for Information Flow Leaks in Object-Oriented Programs (BibTeX)

  author      = {Quoc Huy Do and Richard Bubel and Reiner H{\"{a}}hnle},
  title       = {{Exploit Generation for Information Flow Leaks in Object-Oriented Programs}},
  booktitle   = {{ICT} Systems Security and Privacy Protection - 30th {IFIP} {TC} 11 International Conference, {SEC} 2015, Hamburg, Germany, May 26-28, 2015, Proceedings},
  pages       = {401--415},
  year        = 2015,
  abstract    = {We present a method to generate automatically exploits for information flow leaks in object-oriented programs. Our approach combines self-composition and symbolic execution to compose an insecurity formula for a given information flow policy and a specification of the security level of the program locations. The insecurity formula gives then rise to a model which is used to generate input data for the exploit. A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.},