Better bug reporting with better privacy

Software vendors collect bug reports from customers to improve the quality of their software. These reports should include the inputs that made the software fail, so that vendors can reproduce the bug. However, vendors rarely include these inputs in reports because they may contain private user data. We describe a solution to this problem that provides software vendors with new input values which satisfy the conditions required to make the software follow the same execution path until it fails, but are otherwise unrelated to the original inputs. These new inputs allow vendors to reproduce the bug while revealing less private information than existing approaches. Additionally, we provide a mechanism to measure the amount of information revealed in an error report, which allows users to make informed decisions on whether or not to submit a report. We implemented a prototype of our solution and evaluated it with real errors in real programs. The results show that we can produce error reports that allow software vendors to reproduce bugs while revealing almost no private information.
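As an added worked example (not code from the paper or its prototype), the following Python script shows the two mechanisms the abstract describes on a deliberately tiny constructed program. It records the path condition of a failing run, draws a fresh input that satisfies the same path condition (rejection sampling stands in for the constraint solver a real system would use), checks that the fresh input follows the same path to the same failure, and measures what the report reveals as log2(|input domain|) minus log2(|inputs satisfying the path condition|), counting models by exhaustive enumeration over the toy's two 7-bit fields. The names `Sym`, `parse_record` and `make_report`, the bound-check bug in `parse_record`, and the choice of that information measure and counting method are all assumptions made for this illustration rather than details taken from the page.

```python
"""Added illustration of path-condition-preserving bug reports (not the paper's code).

Two input fields, each a 7-bit value, are wrapped in Sym so that every
comparison the program makes on them is logged.  The logged outcomes form the
path condition of the failing run.  A fresh input that satisfies that path
condition reproduces the failure, while revealing only
log2(|domain|) - log2(|models of the path condition|) bits about the original.
"""
import math
import operator
import random

_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

FIELD_BITS = 7
DOMAIN = range(1 << FIELD_BITS)          # every field ranges over 0..127 (constructed toy domain)
FIELDS = ("version", "length")
BUF_SIZE = 32


class Sym:
    """A concrete input value that records each comparison made on it."""

    def __init__(self, name, value, log):
        self.name, self.value, self.log = name, value, log

    def _cmp(self, op, other):
        outcome = _OPS[op](self.value, other)
        self.log.append((self.name, op, other, outcome))   # one path-condition conjunct
        return outcome

    def __lt__(self, other): return self._cmp("<", other)
    def __le__(self, other): return self._cmp("<=", other)
    def __gt__(self, other): return self._cmp(">", other)
    def __ge__(self, other): return self._cmp(">=", other)
    def __eq__(self, other): return self._cmp("==", other)
    def __ne__(self, other): return self._cmp("!=", other)
    __hash__ = None


def parse_record(version, length):
    """Constructed buggy parser: the length check uses the wrong limit."""
    if version < 2:
        return "unsupported version"
    if length > 100:                 # bug: should be 'length > BUF_SIZE'
        return "record too long"
    buf = bytearray(BUF_SIZE)
    i = 0
    while i < length:                # int < Sym falls back to Sym.__gt__, so it is logged
        buf[i] = 0                   # IndexError once i reaches BUF_SIZE
        i += 1
    return "ok"


def run_with_trace(version, length):
    """Run the parser on a concrete input; return (crashed, path_condition)."""
    log = []
    try:
        parse_record(Sym("version", version, log), Sym("length", length, log))
        crashed = False
    except IndexError:
        crashed = True
    return crashed, list(dict.fromkeys(log))     # drop duplicate conjuncts, keep order


def satisfies(pc, env):
    """True if assignment env makes every conjunct of pc come out the way it did originally."""
    return all(_OPS[op](env[name], k) == outcome for name, op, k, outcome in pc)


def count_models(pc):
    """Exact model count by enumeration (feasible only because the domain is tiny)."""
    return sum(1 for v in DOMAIN for n in DOMAIN
               if satisfies(pc, {"version": v, "length": n}))


def bits_revealed(pc):
    """Information about the original input that a report carrying pc gives away."""
    return FIELD_BITS * len(FIELDS) - math.log2(count_models(pc))


def fresh_input(pc, rng):
    """Draw a random input satisfying pc (stand-in for a constraint solver)."""
    while True:
        env = {f: rng.choice(DOMAIN) for f in FIELDS}
        if satisfies(pc, env):
            return env


def make_report(version, length, seed=0):
    """Build the privacy-preserving report for one failing input."""
    crashed, pc = run_with_trace(version, length)
    if not crashed:
        return {"crashed": False}
    new = fresh_input(pc, random.Random(seed))
    crashed_again, pc_again = run_with_trace(new["version"], new["length"])
    return {
        "crashed": True,
        "new_input": new,                            # sent to the vendor instead of the original
        "reproduces": crashed_again and pc_again == pc,
        "bits_revealed": bits_revealed(pc),
        "bits_in_original": FIELD_BITS * len(FIELDS),
    }


if __name__ == "__main__":
    print(make_report(version=3, length=77))
```

For the constructed input (version 3, length 77) the path condition pins version to 2..127 and length to 33..100, so 8568 of the 16384 possible inputs follow the same path; the report therefore reveals about 0.94 of the 14 bits in the original input, whereas shipping the original input would reveal all 14. The user-facing decision the abstract mentions is exactly a comparison of those two numbers.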
