LeakWatch: Estimating Information Leakage from Java Programs

  • Tom Chothia
  • Yusuke Kawamoto
  • Chris Novakovic
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)


Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible “point-to-point” information leakage model, where secret and publicly-observable data may occur at any time during a program’s execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information.We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.


Quantitative information flow statistical estimation Java mutual information min-entropy leakage 


  1. 1.
    Shannon, C.E.: A Mathematical Theory of Communication. Bell System Technical Journal 27(3), 379–423 (1948)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Smith, G.: On the Foundations of Quantitative Information Flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Smith, G.: Quantifying Information Flow Using Min-Entropy. In: Proc. of the 8th Conference on Quantitative Evaluation of Systems (QEST 2011), pp. 159–167 (2011)Google Scholar
  4. 4.
    Chothia, T., Kawamoto, Y., Novakovic, C., Parker, D.: Probabilistic Point-to-Point Information Leakage. In: Proc. of the 26th IEEE Computer Security Foundations Symposium (CSF 2013), pp. 193–205. IEEE Computer Society (June 2013)Google Scholar
  5. 5.
    Moddemeijer, R.: On estimation of entropy and mutual information of continuous distributions. Signal Processing 16, 233–248 (1989)CrossRefMathSciNetGoogle Scholar
  6. 6.
    Brillinger, D.R.: Some data analysis using mutual information. Brazilian Journal of Probability and Statistics 18(6), 163–183 (2004)zbMATHMathSciNetGoogle Scholar
  7. 7.
    Boreale, M., Paolini, M.: On formally bounding information leakage by statistical estimation (2014) (Unpublished Manuscript)Google Scholar
  8. 8.
    Biondi, F., Legay, A., Traonouez, L.-M., Wąsowski, A.: QUAIL: A Quantitative Security Analyzer for Imperative Code. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 702–707. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  9. 9.
    Mu, C., Clark, D.: A tool: quantitative analyser for programs. In: Proc.of the 8th Conference on Quantitative Evaluation of Systems (QEST 2011), pp. 145–146 (2011)Google Scholar
  10. 10.
    McCamant, S., Ernst, M.D.: Quantitative Information Flow as Network Flow Capacity. In: Proc. of the Conference on Programming Language Design and Implementation (PLDI 2008), pp. 193–205 (2008)Google Scholar
  11. 11.
    Heusser, J., Malacaria, P.: Quantifying Information Leaks in Software. In: Proc. of the 2010 Annual Computer Security Applications Conference (ACSAC 2010), pp. 261–269. ACM Press, Austin (2010)Google Scholar
  12. 12.
    Phan, Q.S., Malacaria, P., Tkachuk, O., Păsăreanu, C.S.: Symbolic quantitative information flow. ACM SIGSOFT Software Engineering Notes 37(6), 1–5 (2012)CrossRefGoogle Scholar
  13. 13.
    Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch,
  14. 14.
    Chatzikokolakis, K., Chothia, T., Guha, A.: Statistical Measurement of Information Leakage. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 390–404. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Denning, D.E.: Cryptography and Data Security. Addison-Wesley (May 1982)Google Scholar
  16. 16.
    Myers, A.C., Liskov, B.: Complete, Safe Information Flow with Decentralized Labels. In: Proc. of the 1998 IEEE Symposium on Security and Privacy, pp. 186–197. IEEE Computer Society, Oakland (1998)Google Scholar
  17. 17.
    Pearson, K.: X. on the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling. Philosophical Magazine Series 5 50(302), 157–175 (1900)CrossRefzbMATHGoogle Scholar
  18. 18.
    Diez, D.M., Barr, C.D., Cetinkaya-Rundel, M.: OpenIntro Statistics. CreateSpace (2012)Google Scholar
  19. 19.
    Chothia, T., Kawamoto, Y., Novakovic, C.: A Tool for Estimating Information Leakage. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 690–695. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  20. 20.
    Kawamoto, Y., Chatzikokolakis, K., Palamidessi, C.: Compositionality Results for Quantitative Information Flow. In: Proc. of the 11th International Conference on Quantitative Evaluation of Systems, QEST 2014 (to appear, September 2014)Google Scholar
  21. 21.
    OW2 Consortium: ASM,
  22. 22.
    Chaum, D.: The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. Journal of Cryptology, 65–75 (1988)Google Scholar
  23. 23.
    Garcia, F.D., van Rossum, P., Verdult, R., Schreur, R.W.: Wirelessly pickpocketing a Mifare Classic card. In: IEEE Symposium on Security and Privacy (S&P 2009), pp. 3–15. IEEE (2009)Google Scholar
  24. 24.
    Verdult, R., Garcia, F.D., Balasch, J.: Gone in 360 seconds: Hijacking with Hitag2. In: 21st USENIX Security Symposium (USENIX Security 2012), pp. 237–252. USENIX Association (2012)Google Scholar
  25. 25.
    Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP Message Format,
  26. 26.
    Legion of the Bouncy Castle Inc.: The Legion of the Bouncy Castle Java Cryptography APIs,

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Tom Chothia
    • 1
  • Yusuke Kawamoto
    • 2
  • Chris Novakovic
    • 1
  1. 1.School of Computer ScienceUniversity of BirminghamUK
  2. 2.INRIA Saclay & LIX, École PolytechniqueFrance

Personalised recommendations