We present a method to generate automatically exploits for information flow leaks in object-oriented programs. Our approach combines self-composition and symbolic execution to compose an insecurity formula for a given information flow policy and a specification of the security level of the program locations. The insecurity formula gives then rise to a model which is used to generate input data for the exploit. A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.
CITATION STYLE
Do, Q. H., Bubel, R., & Hähnle, R. (2015). Exploit generation for information flow leaks in object-oriented programs. In IFIP Advances in Information and Communication Technology (Vol. 455, pp. 401–415). Springer New York LLC. https://doi.org/10.1007/978-3-319-18467-8_27
Mendeley helps you to discover research relevant for your work.