DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring
dc.contributor.author | Alexandra Sofia Mendes | en |
dc.contributor.other | 7344 | en |
dc.date.accessioned | 2024-01-23T11:52:00Z | |
dc.date.available | 2024-01-23T11:52:00Z | |
dc.date.issued | 2024 | en |
dc.description.abstract | Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code. | en |
dc.identifier | P-00Z-8AB | en |
dc.identifier.uri | https://repositorio.inesctec.pt/handle/123456789/14768 | |
dc.language | eng | en |
dc.rights | info:eu-repo/semantics/openAccess | en |
dc.title | DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring | en |
dc.type | en | |
dc.type | Publication | en |
Files
Original bundle
- Name: P-00Z-8AB.pdf
- Size: 3.23 MB
- Format: Adobe Portable Document Format