Registered user since Mon 22 Jun 2020
Contributions
Diversity and Inclusion Events
Wed 12 Oct 2022 14:30 - 15:30 at Ballroom C West - Fireside Chat & Ask Me Anything
No description available.
Research Papers
Wed 12 Oct 2022 10:00 - 10:20 at Ballroom C East - Technical Session 9 - Security and Privacy
Chair(s): Wei Yang

Information leaks in software can unintentionally reveal private data, yet they are hard to detect and fix. Although several methods have been proposed to detect leakage, such as static verification-based approaches, they require specialist knowledge and are time-consuming. Recently, HyperGI introduced a dynamic, hypertest-based approach that detects and produces potential fixes for information leakage. Its fitness function tries to balance information leakage and program correctness, but as the authors of that work point out, there may be a tradeoff between keeping program semantics and reducing information leakage.
In this work we ask whether it is possible to automatically detect and repair information leakage in more realistic programs without requiring specialist knowledge. Our approach, called LeakReducer, explicitly encodes the tradeoff between program correctness and information leakage as a multi-objective optimisation problem. We apply LeakReducer to a set of leaky programs, including the well-known Heartbleed bug. It is comparable with HyperGI on their toy applications. In addition, we demonstrate that it can find and reduce leakage in real applications, and we see diverse solutions on our Pareto front. Upon investigation we find that having a Pareto front helps with some types of information leakage, but not all.
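The two ideas the abstract rests on, a hypertest (run the same program on one public input with two different secrets and compare what an observer sees) and a Pareto front over the leakage/correctness objectives, are illustrated below. This is an added example written for this page; it is not LeakReducer's or HyperGI's code, and the toy echo program, its candidate "repairs", the secrets and the test inputs are all constructed here. The over-read is modelled on a Python bytes object (the message followed by the secret in one buffer, with an unchecked length), so nothing unsafe runs.

```python
# Added example (not the paper's code): hypertest-based leak detection plus a
# Pareto front over constructed repair candidates.
from typing import Callable, Dict, List, Tuple

# A program takes (public message, requested length, secret) and returns what an
# observer can see. The secret must not influence that output.
Program = Callable[[bytes, int, bytes], bytes]


def leaky_echo(msg: bytes, length: int, secret: bytes) -> bytes:
    """Constructed Heartbleed-style bug: the buffer holds the message followed
    by the secret, and `length` is never checked against the message size."""
    buf = msg + secret
    return buf[:length]


def conservative_echo(msg: bytes, length: int, secret: bytes) -> bytes:
    """Constructed candidate repair: cap every copy at 4 bytes. No leak, but
    echoes longer than 4 bytes are now wrong."""
    return msg[:min(length, 4)]


def truncated_echo(msg: bytes, length: int, secret: bytes) -> bytes:
    """Constructed candidate repair: return nothing. No leak, no functionality."""
    return b""


def fixed_echo(msg: bytes, length: int, secret: bytes) -> bytes:
    """Correct repair: clamp the copy to the message length."""
    return msg[:min(length, len(msg))]


# Constructed inputs. The third hypertest input requests more than the message
# holds, which is the case the functional tests (deliberately) do not cover.
HYPERTEST_INPUTS = [(b"hello", 5), (b"hello", 3), (b"hi", 8)]
SECRETS = [b"AAAA", b"BBBB"]
FUNCTIONAL_TESTS = [(b"hello", 5, b"hello"), (b"hello", 3, b"hel")]


def leak_count(program: Program) -> int:
    """Hypertest: a public input leaks if different secrets give different
    observable outputs (a noninterference violation)."""
    leaks = 0
    for msg, length in HYPERTEST_INPUTS:
        observed = {program(msg, length, s) for s in SECRETS}
        if len(observed) > 1:
            leaks += 1
    return leaks


def failure_count(program: Program) -> int:
    """Correctness objective: number of (test, secret) pairs whose output
    differs from the expected echo."""
    return sum(
        1
        for msg, length, expected in FUNCTIONAL_TESTS
        for s in SECRETS
        if program(msg, length, s) != expected
    )


def objectives(program: Program) -> Tuple[int, int]:
    """Both objectives are minimised: (leaking inputs, failing tests)."""
    return (leak_count(program), failure_count(program))


def dominates(a: Tuple[int, int], b: Tuple[int, int]) -> bool:
    """a dominates b if it is no worse on every objective and better on one."""
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))


def pareto_front(candidates: Dict[str, Program]) -> List[str]:
    """Names of the candidates no other candidate dominates, sorted."""
    scores = {name: objectives(p) for name, p in candidates.items()}
    front = [
        name
        for name, score in scores.items()
        if not any(dominates(other, score) for m, other in scores.items() if m != name)
    ]
    return sorted(front)


if __name__ == "__main__":
    search_results = {
        "leaky": leaky_echo,
        "conservative": conservative_echo,
        "truncated": truncated_echo,
    }
    for name, prog in search_results.items():
        print(f"{name:13s} (leaks, failures) = {objectives(prog)}")
    print("Pareto front:", pareto_front(search_results))
    # Adding the genuinely correct repair collapses the front to that one point.
    search_results["fixed"] = fixed_echo
    print("Pareto front with fixed_echo:", pareto_front(search_results))
```

With only the three imperfect candidates, the front contains both `leaky` (one leaking input, no failing tests) and `conservative` (no leak, two failing tests): neither dominates the other, which is exactly the tradeoff the abstract describes, and it is only visible because the functional tests do not exercise the over-read. Once `fixed_echo` is in the candidate set it dominates everything and the front collapses to it.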