masters thesis (open): Quantitative Information Flow Control for Java

Information Flow Control (IFC) examines whether an attacker can gain knowledge on the secret inputs of a program by just examining the public output. Sometimes leaking a small amount of information to the attacker in inevitable, e.g. a password checker will leak whether the password is equal to a given input or not. The amount of leakage is evaluated in quantitative IFC using a measure of entropy.

An analysis has been developed as part of a master thesis that supports a basic while language with functions based on bit dependency graphs.


The aim of this thesis is to extend the existing analysis in JOANA to support larger parts of the Java semantics, e.g. object orientation.


Static Analysis, Information Flow Control