Mesecan, Ibrahim; Blackwell, Daniel; Clark, David; Cohen, Myra B; Petke, Justyna; (2022) Keeping Secrets: Multi-objective Genetic Improvement for Detecting and Reducing Information Leakage. In: ASE '22: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. Association for Computing Machinery (ACM): New York, NY, USA.

Preview

Text 3551349.3556947.pdf Download (2MB) | Preview

Abstract

Information leaks in software can unintentionally reveal private data, yet they are hard to detect and fix. Although several methods have been proposed to detect leakage, such as static verificationbased approaches, they require specialist knowledge, and are timeconsuming. Recently, HyperGI introduced a dynamic, hypertestbased approach that detects and produces potential fixes for information leakage. Its fitness function tries to balance information leakage and program correctness, but as the authors of that work point out, there may be a tradeoff between keeping program semantics and reducing information leakage. In this work we ask if it is possible to automatically detect and repair information leakage in more realistic programs without requiring specialist knowledge. Our approach, called LeakReducer explicitly encodes the tradeoff between program correctness and information leakage as a multi-objective optimisation problem. We apply LeakReducer to a set of leaky programs including the well known Heartbleed bug. It is comparable with HyperGI on their toy applications. In addition, we demonstrate it can find and reduce leakage in real applications and we see diverse solutions on our Pareto front. Upon investigation we find that having a Pareto front helps with some types of information leakage, but not all.

Download activity - last month

Export as CSVXMLJSON

Download activity - last 12 months

Export as XMLCSVJSON

Downloads by country - last 12 months

Export as JSONXMLCSV

Archive Staff Only

View Item