Write a Blog >>
ASE 2021
Sun 14 - Sat 20 November 2021 Australia
Wed 17 Nov 2021 19:50 - 20:00 at Kangaroo - Detection Chair(s): Cuiyun Gao

Maintaining confidential information control in software is a persistent security problem where failure means secrets can be revealed via program behaviors. Information flow control techniques traditionally have been based on static or symbolic analyses - limited in scalability and specialized to particular languages. When programs do leak secrets there are no approaches to automatically repair them unless the leak causes a functional test to fail. We present our vision for HyperGI, a genetic improvement framework that detects, localizes and repairs information leakage. Key elements of HyperGI include (1) the use of two orthogonal test suites, (2) a dynamic leak detection approach which estimates and localizes potential leaks, and (3) a repair component that produces a candidate patch using genetic improvement. We demonstrate the successful use of HyperGI on several programs which have no failing functional tests. We manually examine the resulting patches and identify trade-offs and future directions for fully realizing our vision.

Wed 17 Nov

Displayed time zone: Hobart change

19:00 - 20:00
DetectionResearch Papers / NIER track at Kangaroo
Chair(s): Cuiyun Gao Harbin Institute of Technology
19:00
20m
Talk
Race Detection for Event-Driven Node.js Applications
Research Papers
Xiaoning Chang Institute of Software, Chinese Academy of Sciences, Wensheng Dou Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Jun Wei Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Tao Huang Institute of Software Chinese Academy of Sciences, Jinhui Xie Tencent Inc., Yuetang Deng Tencent, Jianbo Yang Tencent Inc., Jiaheng Yang Tencent Inc.
19:20
20m
Talk
Log-based Anomaly Detection Without Log Parsing
Research Papers
Van-Hoang Le The University of Newcastle, Hongyu Zhang University of Newcastle
19:40
10m
Talk
Log Anomaly to Resolution: AI Based Proactive Incident Remediation
NIER track
Ruchi Mahindru IBM Research, Harshit Kumar IBM Research, Sahil Bansal IBM Research
19:50
10m
Talk
HyperGI: Automated Detection and Repair of Information Flow Leakage
NIER track
Ibrahim Mesecan Iowa State University, Daniel Blackwell University College London, David Clark University College London, Myra Cohen Iowa State University, Justyna Petke University College London
Pre-print