Abstract

Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz’s dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Automatic Repair of Java Code with Timing Side-Channel Vulnerabilities
Rui Lima ... Joao F Ferreira
-
Rui Lima, et. al.Rui Lima ... Joao F Ferreira
01 Nov 2021
Automatic detecting indicators for quality of health information on the Web
Yunli Wang ... Zhenkai Liu
International Journal of Medical Informatics | VOL. 76
Yunli Wang, et. al.Yunli Wang ... Zhenkai Liu
05 Jun 2006
A Comparative Study of Static Code Analysis tools for Vulnerability Detection in C/C++ and JAVA Source Code
Arvinder Kaur ... Ruchikaa Nayyar
Procedia Computer Science | VOL. 171
Arvinder Kaur, et. al.Arvinder Kaur ... Ruchikaa Nayyar
01 Jan 2020
Automatic Vulnerability Detection in Tizen Applications with Dynamic Symbolic Execution
Sobhan Safdarian ... Maryam Mouzarani
International Journal of Information and Communication Sciences | VOL. -
Sobhan Safdarian, et. al.Sobhan Safdarian ... Maryam Mouzarani
09 Feb 2023
View more papers

More From: Automated Software Engineering

Paper Title
Journal
Date
Author
Evoattack: suppressive adversarial attacks against object detection models using evolutionary search
Kenneth H Chan ... Betty H C Cheng
Automated Software Engineering | VOL. 32
Kenneth H Chan, et. al.Kenneth H Chan ... Betty H C Cheng
06 Nov 2024
Multi-objective improvement of Android applications
James Callan ... Justyna Petke
Automated Software Engineering | VOL. 32
James Callan, et. al.James Callan ... Justyna Petke
04 Nov 2024
Contractsentry: a static analysis tool for smart contract vulnerability detection
Shiji Wang ... Xiangfu Zhao
Automated Software Engineering | VOL. 32
Shiji Wang, et. al.Shiji Wang ... Xiangfu Zhao
23 Oct 2024
Exploring the impact of code review factors on the code review comment generation
Junyi Lu ... Zhangyi Li
Automated Software Engineering | VOL. 31
Junyi Lu, et. al.Junyi Lu ... Zhangyi Li
01 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.