Título: Automated Software EngineeringImportada do Authenticus Pesquisar Publicações da Revista

Vol. 31

Página Final: 1

ISSN: 0928-8910

Editora: Springer Nature

ISI Web of Knowledge - 0 Citações

Scopus - 0 Citações

ID Authenticus: P-00Z-8AB

DOI: 10.1007/s10515-023-00398-6

Abstract (EN): Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz's dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.

Idioma: Inglês

Tipo (Avaliação Docente): Científica

Nº de páginas: 37