Automatic Repair of Java Code with Timing Side-Channel Vulnerabilities

Cited by: 3
Authors
Lima, Rui [1, 2]
Ferreira, Joao F. [1, 2]
Mendes, Alexandra [3, 4]
Affiliations
[1] Univ Lisbon, INESC ID, Lisbon, Portugal
[2] Univ Lisbon, IST, Lisbon, Portugal
[3] INESC TEC, Porto, Portugal
[4] Univ Beira Interior, Covilha, Portugal
Keywords
Source Code Refactoring; Timing Side-Channel Vulnerabilities; Automatic Repair of Vulnerabilities; Code Repair; Security; Java
DOI
10.1109/ASEW52652.2021.00014
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a new tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can indeed automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based.
Pages: 1 / 8
Number of pages: 8
Related papers
50 in total
  • [21] Rule based production systems for automatic code generation in Java
    Bajwa, Imran Sarwar
    Siddique, M. Imran
    Choudhary, M. Abbas
    2006 1ST INTERNATIONAL CONFERENCE ON DIGITAL INFORMATION MANAGEMENT, 2006, : 300 - +
  • [22] JChainz: Automatic Detection of Deserialization Vulnerabilities for the Java Language
    Buccioli, Luca
    Cristalli, Stefano
    Vignati, Edoardo
    Nava, Lorenzo
    Badagliacca, Daniele
    Bruschi, Danilo
    Lu, Long
    Lanzi, Andrea
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2023, 13867 LNCS : 136 - 155
  • [23] Example-Based Vulnerability Detection and Repair in Java Code
    Zhang, Ying
    Xiao, Ya
    Kabir, Md Mahir Asef
    Yao, Danfeng
    Meng, Na
    30TH IEEE/ACM INTERNATIONAL CONFERENCE ON PROGRAM COMPREHENSION (ICPC 2022), 2022, : 190 - 201
  • [24] An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities
    Sayar, Imen
    Bartel, Alexandre
    Bodden, Eric
    Le Traon, Yves
    ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2023, 32 (01)
  • [25] Locating SQL Injection Vulnerabilities in Java Byte Code using Natural Language Techniques
    Jackson, Kevin A.
    Bennett, Brian T.
    IEEE SOUTHEASTCON 2018, 2018,
  • [26] Spi2Java: Automatic cryptographic protocol Java code generation from spi calculus
    Pozza, D
    Sisto, R
    Durante, L
    18TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 1 (LONG PAPERS), PROCEEDINGS, 2004, : 400 - 405
  • [27] Addressing Side-Channel Vulnerabilities in the Discrete Ziggurat Sampler
    Brannigan, Seamus
    O'Neill, Maire
    Khalid, Ayesha
    Rafferty, Ciara
    SECURITY, PRIVACY, AND APPLIED CRYPTOGRAPHY ENGINEERING, SPACE 2018, 2018, 11348 : 65 - 84
  • [28] Automatic Repair of Java Programs with Mixed Granularity and Variable Mapping
    Cao, Heling
    Cui, Zhiying
    Deng, Miaolei
    Chu, Yonghe
    Meng, Yangxia
    INFORMATION TECHNOLOGY AND CONTROL, 2023, 52 (01) : 68 - 84
  • [29] Nopol: Automatic Repair of Conditional Statement Bugs in Java Programs
    Xuan, Jifeng
    Martinez, Matias
    DeMarco, Favio
    Clement, Maxime
    Lamelas Marcote, Sebastian
    Durieux, Thomas
    Le Berre, Daniel
    Monperrus, Martin
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2017, 43 (01) : 34 - 55
  • [30] Virtual analysis and reduction of side-channel vulnerabilities of smartcards
    den Hartog, J
    de Vink, E
    FORMAL ASPECTS IN SECURITY AND TRUST, 2005, 173 : 85 - 98