Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabili...
详细信息
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.
Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C sourcecode. Our technique, based on static...
详细信息
Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C sourcecode. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20 KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the sourcecode (LOC) and binary (Kb) size by around 1 percent, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairs.
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabili...
详细信息
ISBN:
(纸本)9781665435833
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a new tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can indeed automatically correct timing side-channel vulnerabilities, being more effective with those that are controlflow based.
Programming apprentices may choose to prioritize the correct functioning of a sourcecode without focusing on their quality, making them difficult to maintain and test. Based on that, a phenomenon called unnecessary s...
详细信息
ISBN:
(纸本)9781450353021
Programming apprentices may choose to prioritize the correct functioning of a sourcecode without focusing on their quality, making them difficult to maintain and test. Based on that, a phenomenon called unnecessary structural complexity may occur, in which a program has a cyclomatic complexity value that can be reduced without affecting its external behavior. In a previous work, we developed an approach and tool to address this problem. The approach is able to identify the presence of unnecessary cyclomatic complexity and to show the developer a suggestion to restructure the sourcecode, through a control flow graph. The goal of this paper is to automate the source code refactoring process to support the elimination of unnecessary cyclomatic complexity. We performed two experimental studies to evaluate the approach in the academic context. The evidences provided by these studies suggest that the approach is able to support unnecessary cyclomatic complexity removal. We could not find, however, evidences about the implications of such approach on unit tests development.
Adaptive user-interface composition is the ability of a software system to: (a) compose its user-interface at runtime according to a given deployment profile;and (b) to possibly drop running components and activate be...
详细信息
ISBN:
(纸本)9781450300834
Adaptive user-interface composition is the ability of a software system to: (a) compose its user-interface at runtime according to a given deployment profile;and (b) to possibly drop running components and activate better alternatives in their place in response to deployment profile modifications. While adaptive behavior has gained interest for a wide range of software products and services, its support is very demanding requiring adoption of user-interface architectural patterns from the early software design stages. While previous research addressed the issue of engineering adaptive systems from scratch, there is an important methodological gap since we lack processes to reform existing non-adaptive systems towards adaptive behavior. We present a stepwise transformation process of user-interface software by incrementally upgrading relevant class structures towards adaptive composition by treating adaptive behavior as a cross-cutting concern. All our refactoring examples have emerged from real practice.
暂无评论