HyLeak: Hybrid Analysis Tool for Information Leakage [chapter]

Fabrizio Biondi, Yusuke Kawamoto, Axel Legay, Louis-Marie Traonouez
2017 Lecture Notes in Computer Science  
We present HyLeak, a tool for reasoning about the quantity of information leakage in programs. The tool takes as input the source code of a program and analyzes it to estimate the amount of leaked information measured by mutual information. The leakage estimation is mainly based on a hybrid method that combines precise program analysis with statistical analysis using stochastic program simulation. This way, the tool combines the best of both symbolic and randomized techniques to provide more
more » ... urate estimates with cheaper analysis, in comparison with the previous tools using one of the analysis methods alone. HyLeak is publicly available and is able to evaluate the information leakage of randomized programs, even when the secret domain is large. We demonstrate with examples that HyLeaks has the best performance among the tools that are able to analyze randomized programs with similarly high precision of estimates.
doi:10.1007/978-3-319-68167-2_11 fatcat:whuqbirtnrhmnojfn5cpydvsha