research-article

Better bug reporting with better privacy

Published: 01 March 2008

Abstract

Software vendors collect bug reports from customers to improve the quality of their software. These reports should include the inputs that make the software fail, to enable vendors to reproduce the bug. However, vendors rarely include these inputs in reports because they may contain private user data. We describe a solution to this problem that provides software vendors with new input values that satisfy the conditions required to make the software follow the same execution path until it fails, but are otherwise unrelated to the original inputs. These new inputs allow vendors to reproduce the bug while revealing less private information than existing approaches. Additionally, we provide a mechanism to measure the amount of information revealed in an error report. This mechanism allows users to make informed decisions on whether or not to submit reports. We implemented a prototype of our solution and evaluated it with real errors in real programs. The results show that we can produce error reports that allow software vendors to reproduce bugs while revealing almost no private information.
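The idea in the abstract, as an added illustration that is not code from the paper or its prototype: a constructed toy parser records the condition each branch places on an input byte, a replacement input is built from those conditions alone, and the bits revealed are counted from the number of byte values each condition still allows. It assumes every branch tests a single byte (so the counts multiply) and that the input length is public; conditions relating several bytes would need a constraint solver.

```python
import math

BUF = 8       # capacity of the toy URL buffer (constructed)
FILL = 0x41   # 'A', filler for bytes the path leaves free

def handle(data, trace):
    """Toy request parser (constructed) that logs each branch on an input byte."""
    def branch(i, pred):
        taken = pred(data[i])
        # Byte values that would send this branch the same way.
        trace.append((i, frozenset(v for v in range(256) if pred(v) == taken)))
        return taken
    if len(data) < 4:
        return "rejected"
    for i, ch in enumerate(b"GET "):
        if not branch(i, lambda v, ch=ch: v == ch):
            return "rejected"
    i, n = 4, 0
    while i < len(data) and not branch(i, lambda v: v == 0x20):
        n += 1
        if n > BUF:
            return "overflow"  # simulated failure point
        i += 1
    return "ok"

def path_condition(data):
    """Run the parser; return its outcome and the allowed values per byte read."""
    trace = []
    outcome = handle(data, trace)
    allowed = {}
    for i, values in trace:
        allowed[i] = allowed.get(i, values) & values
    return outcome, allowed

def replacement_input(data, allowed):
    """Build an input of the same length that satisfies every recorded condition."""
    out = bytearray([FILL]) * len(data)
    for i, values in allowed.items():
        out[i] = FILL if FILL in values else min(values)
    return bytes(out)

def bits_revealed(allowed):
    """Bits learned about the original: 8 - log2(#allowed) per constrained byte."""
    return sum(8 - math.log2(len(v)) for v in allowed.values())

ORIGINAL = b"GET /alice/secret-token-1234 HTTP/1.0"  # constructed private input
outcome, allowed = path_condition(ORIGINAL)
report = replacement_input(ORIGINAL, allowed)
print(outcome, report, round(bits_revealed(allowed), 3), "of", 8 * len(ORIGINAL))
```

The replacement reaches the same simulated failure, and almost all of the revealed bits come from the fixed `GET ` prefix rather than from the private part of the request.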


Supplemental Material

1346322.mp4 (mp4, 133.1 MB)


Published in

ACM SIGARCH Computer Architecture News, Volume 36, Issue 1 (ASPLOS '08), March 2008, 339 pages. ISSN: 0163-5964. DOI: 10.1145/1353534

ASPLOS XIII: Proceedings of the 13th international conference on Architectural support for programming languages and operating systems, March 2008, 352 pages. ISBN: 9781595939586. DOI: 10.1145/1346281

Copyright © 2008 ACM


Publisher: Association for Computing Machinery, New York, NY, United States
