HyperGI: Automated Detection and Repair of Information Flow Leakage
Maintaining confidential information control in software is a persistent security problem where failure means secrets can be revealed via program behaviors. Information flow control techniques traditionally have been based on static or symbolic analyses - limited in scalability and specialized to particular languages. When programs do leak secrets there are no approaches to automatically repair them unless the leak causes a functional test to fail. We present our vision for HyperGI, a genetic improvement framework that detects, localizes and repairs information leakage. Key elements of HyperGI include (1) the use of two orthogonal test suites, (2) a dynamic leak detection approach which estimates and localizes potential leaks, and (3) a repair component that produces a candidate patch using genetic improvement. We demonstrate the successful use of HyperGI on several programs which have no failing functional tests. We manually examine the resulting patches and identify trade-offs and future directions for fully realizing our vision.
Wed 17 NovDisplayed time zone: Hobart change
19:00 - 20:00
DetectionResearch Papers / NIER track at Kangaroo
Chair(s): Cuiyun Gao Harbin Institute of Technology
|Race Detection for Event-Driven Node.js Applications|
Xiaoning Chang Institute of Software, Chinese Academy of Sciences, Wensheng Dou Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Jun Wei Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Tao Huang Institute of Software Chinese Academy of Sciences, Jinhui Xie Tencent Inc., Yuetang Deng Tencent, Jianbo Yang Tencent Inc., Jiaheng Yang Tencent Inc.
|Log-based Anomaly Detection Without Log Parsing|
Van-Hoang Le The University of Newcastle, Hongyu Zhang University of NewcastleLink to publication DOI Pre-print
|Log Anomaly to Resolution: AI Based Proactive Incident Remediation|
Ruchi Mahindru IBM Research, Harshit Kumar IBM Research, Sahil Bansal IBM Research
|HyperGI: Automated Detection and Repair of Information Flow Leakage|
Ibrahim Mesecan Iowa State University, Daniel Blackwell University College London, David Clark University College London, Myra Cohen Iowa State University, Justyna Petke University College LondonPre-print