Você está em: Start > Publications > View > DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring

Map of Premises

Publication

Publication Search

Publications

DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring

Title

DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoringExport publication in the APA format Export publication in the EXCEL format Export publication in the RIS format

Type

Article in International Scientific Journal

Date

2024

Title

DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring

Type

Article in International Scientific Journal

Year

2024

Authors

Lima, R

(Author)

Other

The person does not belong to the institution. The person does not belong to the institution. The person does not belong to the institution. Without AUTHENTICUS Without ORCID

Ferreira, JF

(Author)

Other

The person does not belong to the institution. The person does not belong to the institution. The person does not belong to the institution. Without AUTHENTICUS Without ORCID

Mendes, A

(Author)

FEUP

View Personal Page You do not have permissions to view the institutional email. Search for Participant Publications View Authenticus page View ORCID page

Carreira, C

(Author)

Other

The person does not belong to the institution. The person does not belong to the institution. The person does not belong to the institution. Without AUTHENTICUS Without ORCID

Journal

Title: Automated Software EngineeringImported from Authenticus Search for Journal Publications

Vol. 31

Final page: 1

ISSN: 0928-8910

Publisher: Springer Nature

Indexing

ISI Web of Knowledge - 0 Citations

Scopus - 0 Citations

Other information

Authenticus ID: P-00Z-8AB

DOI: 10.1007/s10515-023-00398-6

Abstract (EN): Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.

Language: English

Type (Professor's evaluation): Scientific

No. of pages: 37

Documents

We could not find any documents associated to the publication.

Related Publications

Of the same journal

On the empirical evaluation of similarity coefficients for spreadsheets fault localization (2015)
Article in International Scientific Journal
Birgit Hofer; Alexandre Perez; Rui Abreu; Franz Wotawa

Model inference for spreadsheets (2016)
Article in International Scientific Journal
Cunha, J; Erwig, M; Mendes, J; Saraiva, J

Recommend this page Top

Copyright 1996-2025 © Faculdade de Direito da Universidade do Porto I Terms and Conditions I Acessibility I Index A-Z
Page created on: 2025-07-21 at 01:12:09 | Privacy Policy | Personal Data Protection Policy | Whistleblowing