UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

HyperGI: Automated Detection and Repair of Information Flow Leakage

Mesecan, I; Blackwell, D; Clark, D; Cohen, MB; Petke, J; (2022) HyperGI: Automated Detection and Repair of Information Flow Leakage. In: 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE: Melbourne, Australia. Green open access

[thumbnail of mainaccepted.pdf]
Preview
Text
mainaccepted.pdf - Accepted Version

Download (266kB) | Preview

Abstract

Maintaining confidential information control in soft-ware is a persistent security problem where failure means secrets can be revealed via program behaviors. Information flow control techniques traditionally have been based on static or symbolic analyses — limited in scalability and specialized to particular languages. When programs do leak secrets there are no approaches to automatically repair them unless the leak causes a functional test to fail. We present our vision for HyperGI, a genetic improvement framework that detects, localizes and repairs information leakage. Key elements of HyperGI include (1) the use of two orthogonal test suites, (2) a dynamic leak detection approach which estimates and localizes potential leaks, and (3) a repair component that produces a candidate patch using genetic improvement. We demonstrate the successful use of HyperGI on several programs with no failing functional test cases. We manually examine the resulting patches and identify trade-offs and future directions for fully realizing our vision.

Type: Proceedings paper
Title: HyperGI: Automated Detection and Repair of Information Flow Leakage
Event: The 36th IEEE/ACM International Conference on Automated Software Engineering
Dates: 15 November 2021
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/ASE51524.2021.9678758
Publisher version: https://doi.org/10.1109/ASE51524.2021.9678758
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Information flow leakage, genetic improvement
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10136860
Downloads since deposit
47Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item