HOME | DEUTSCH | IMPRESSUM | KIT

masters thesis (open): Quantitative Information Flow Control for Java

Information Flow Control (IFC) examines whether an attacker can gain knowledge on the secret inputs of a program by just examining the public output. Sometimes leaking a small amount of information to the attacker in inevitable, e.g. a password checker will leak whether the password is equal to a given input or not. The amount of leakage is evaluated in quantitative IFC using a measure of entropy.

An analysis has been developed as part of a master thesis that supports a basic while language with functions based on bit dependency graphs.

Task:

The aim of this thesis is to extend the existing analysis in JOANA to support larger parts of the Java semantics, e.g. object orientation.

Keywords

Static Analysis, Information Flow Control