Automatic Repair of Java Code with Timing Side-Channel Vulnerabilities

Cited by: 3
Authors
Lima, Rui [1, 2]
Ferreira, Joao F. [1, 2]
Mendes, Alexandra [3, 4]
Affiliations
[1] Univ Lisbon, INESC ID, Lisbon, Portugal
[2] Univ Lisbon, IST, Lisbon, Portugal
[3] INESC TEC, Porto, Portugal
[4] Univ Beira Interior, Covilha, Portugal
Keywords
Source Code Refactoring; Timing Side-Channel Vulnerabilities; Automatic Repair of Vulnerabilities; Code Repair; Security; Java;
DOI
10.1109/ASEW52652.2021.00014
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a new tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can indeed automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based.
Pages: 1 / 8
Number of pages: 8
Related papers
50 in total
  • [31] Automatic generation of bridging code for accessing C++ from Java
    Schade, A
    TECHNOLOGY OF OBJECT-ORIENTED LANGUAGES AND SYSTEMS (TOOLS 25) - PROCEEDINGS, 1998, : 165 - 180
  • [32] Automated Repair of Java Programs with Random Search via Code Similarity
    Cao, Heling
    Liu, Fangzheng
    Shi, Jianshu
    Chu, Yonghe
    Deng, Miaolei
    2021 21ST INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY COMPANION (QRS-C 2021), 2021, : 470 - 477
  • [33] A Timing Side-Channel Attack on a Mobile GPU
    Karimi, Elmira
    Jiang, Zhen Hang
    Fei, Yunsi
    Kaeli, David
    2018 IEEE 36TH INTERNATIONAL CONFERENCE ON COMPUTER DESIGN (ICCD), 2018, : 67 - 74
  • [34] Side-channel Timing Attack of RSA on a GPU
    Luo, Chao
    Fei, Yunsi
    Kaeli, David
    ACM TRANSACTIONS ON ARCHITECTURE AND CODE OPTIMIZATION, 2019, 16 (03)
  • [35] A Novel Side-Channel Timing Attack on GPUs
    Jiang, Zhen Hang
    Fei, Yunsi
    Kaeli, David
    PROCEEDINGS OF THE GREAT LAKES SYMPOSIUM ON VLSI 2017 (GLSVLSI' 17), 2017, : 167 - 172
  • [36] BEARS: An Extensible Java Bug Benchmark for Automatic Program Repair Studies
    Madeiral, Fernanda
    Urli, Simon
    Maia, Marcelo
    Monperrus, Martin
    2019 IEEE 26TH INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING (SANER), 2019, : 468 - 478
  • [37] Automatic Detection and Repair Recommendation of Directive Defects in Java API Documentation
    Zhou, Yu
    Wang, Changzhi
    Yan, Xin
    Chen, Taolue
    Panichella, Sebastiano
    Gall, Harald
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2020, 46 (09) : 1004 - 1023
  • [38] Automatic build repair for test cases using incompatible Java versions
    Mak, Ching Hang
    Cheung, Shing-Chi
    INFORMATION AND SOFTWARE TECHNOLOGY, 2024, 172
  • [39] Entropy-Shield: Side-Channel Entropy Maximization for Timing-based Side-Channel Attacks
    Dhavlle, Abhijitt
    Mehta, Raj
    Rafatirad, Setareh
    Homayoun, Houman
    Dinakarrao, Sai Manoj Pudukotai
    PROCEEDINGS OF THE TWENTYFIRST INTERNATIONAL SYMPOSIUM ON QUALITY ELECTRONIC DESIGN (ISQED 2020), 2020, : 161 - 166
  • [40] A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography
    Lou, Xiaoxuan
    Zhang, Tianwei
    Jiang, Jun
    Zhang, Yinqian
    ACM COMPUTING SURVEYS, 2021, 54 (06)