REAP: Reporting Errors Using Alternative Paths

Matos, João; Garcia, Jean-Marie; Romano, Paolo

doi:10.1007/978-3-642-54833-8_24

Cited by 3 publications

(3 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A different input triggering the same execution path as the original one may still leak some private information, especially the path constraints that contain strict requirement on the inputs. To further protect user privacy, several works search for alternative execution paths that have relaxed constraints on inputs while triggering the same crash [52], [53], [54]. MPP relies on symbolic execution to explore program states to find all paths that induce the same crash [52].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report

Ding

Hong

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Software vendors collect crash reports from endusers to assist in the debugging and testing of their products. However, crash reports may contain users' private information, like names and passwords, rendering the user hesitant to share the reports with developers. We need a mechanism to protect users' privacy in crash reports on the client side while keeping sufficient information to support server-side debugging and analysis. In this paper, we propose the DESENSITIZATION technique, which generates privacy-aware and attack-preserving crash reports from crashed executions. Our tool adopts lightweight methods to identify bug-related and attack-related data from the memory, and removes other data to protect users' privacy. Since a large portion of the desensitized memory contains null bytes, we store crash reports in spare files to save the network bandwidth and the server-side storage. We prototype DESENSITIZATION and apply it to a large number of crashes of real-world programs, like browsers and the JavaScript engine. The result shows that our DESENSITIZATION technique can eliminate 80.9% of nonzero bytes from coredumps, and 49.0% from minidumps. The desensitized crash report can be 50.5% smaller than the original one, which significantly saves resources for report submission and storage. Our DESENSITIZATION technique is a pushbutton solution for the privacy-aware crash report.

show abstract

Section: Related Workmentioning

confidence: 99%

“…MPP relies on symbolic execution to explore program states to find all paths that induce the same crash [52]. REAP and RESPA improve the practicability of MPP by limiting the scope of symbolic execution [53], [54]. Specifically, REAP places randomized, bounded detours around the original path to avoid the path explosion issue.…”

Section: Related Workmentioning

confidence: 99%

DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report

Ding

Hong

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…[2], [3], [4], [5], [6], [17]). Furthermore, to enhance privacy within faultreplication, the following solutions should be considered [18], [19], [20], [21], [22], [23].…”

Section: Fault Replication Toolsmentioning

confidence: 99%

Record and Replay GUI-Based Applications with Less Overhead

Matos

Coração

Garcia

2014

2014 IEEE International Symposium on Software Reliability Engineering Workshops

View full text Add to dashboard Cite

Debugging is, typically, a hard and time-consuming task. Fault-replication mechanisms facilitate the debugging process by providing software developers with an error's "stepsto-reproduce". The main challenge of fault-replication is the overhead imposed by recording all non-deterministic events of an execution, such as thread interleaving and the user interaction with the application. The overhead imposed by user input is especially significant for graphical-based applications. This paper proposes a new approach to record and replay user interactions with the GUI, which significantly reduces the amount of recorded information. We developed an open-source implementation of an execution-recording framework and evaluated it using a test bed that includes real bugs from well-known applications. We achieved average reductions of 3567 times fewer events recorded.

show abstract