UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Mining for Mutation Operators for Reduction of Information Flow Control Violations

Kosorukov, Ilya; Blackwell, Daniel; Clark, David; Cohen, Myra B; Petke, Justyna; (2024) Mining for Mutation Operators for Reduction of Information Flow Control Violations. In: Proceedings of The New Ideas and Emerging Results (NIER) Track (ASE-NIER ’24). (pp. pp. 1-5). ACM (Association for Computing Machinery) (In press). Green open access

[thumbnail of Kosorukov_2024_ASENIER.pdf]
Preview
PDF
Kosorukov_2024_ASENIER.pdf - Accepted Version

Download (521kB) | Preview

Abstract

The unintentional flow of confidential data to unauthorised users is a serious software security vulnerability. Detection and repair of such errors is a non-trivial task that has been worked on by the security community for many years. More recently, dynamic approaches, such as HyperGI, have been introduced that use hypertesting and genetic improvement to not only detect, but also provide a patch that reduces such information flow control violations. However, empirical studies done so far have used mostly generic mutation operators, potentially limiting the strength of this approach. In this new ideas paper we mine the National Vulnerabilities Database to find repairs of information leaks. Of 636 issues initially identified, we found 73 fixes that relate to information leaks and come with open source patches to the code. From these, we identified 10 types of mutation operators with potential to fix such issues. Six of these have so far never been used to fix information leaks via automated mutation to the code. We propose that these could help improve effectiveness of tools using the HyperGI approach.

Type: Proceedings paper
Title: Mining for Mutation Operators for Reduction of Information Flow Control Violations
Event: Automated Software Engineering - NIER Track
Open access status: An open access version is available from UCL Discovery
Publisher version: https://conf.researchr.org/home/ase-2024
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher's terms and conditions.
Keywords: Information Leak Reduction, Information Leak Repair, Genetic Improvement
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10196237
Downloads since deposit
44Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item