Automated Code Repair Based on Inferred Specifications

Citations: 0
Authors
Klieber, William [1]
Snavely, Will [1]
Affiliations
[1] Carnegie Mellon Univ, Software Engn Inst, Pittsburgh, PA 15213 USA
Source
2016 IEEE CYBERSECURITY DEVELOPMENT (IEEE SECDEV 2016) | 2016
Funding
Andrew Mellon Foundation (USA);
DOI
10.1109/SecDev.2016.24
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Techniques for automated code repair have the potential for greatly aiding in the development of secure and correct code. There are currently a few major difficulties confronting the development and deployment of tools for automated repair; we examine these and briefly explore possible solutions. To give a flavor of what automated repair might look like, we discuss in detail three types of proposed automated repair: (1) repairing inequality comparisons involving integer overflow to behave the same as if unlimited-bitwidth integers were used, (2) inserting memory bounds checks where needed, using dynamic analysis to infer tightest correct bounds, (3) inserting missing authorization checks in a client-server application based on an inferred access control policy.
Pages: 130-137
Number of pages: 8