Explore a groundbreaking approach to automatic program repair (APR) for security vulnerabilities in this conference talk from the 2019 IEEE Symposium on Security & Privacy. Delve into the concept of property-based APR, which utilizes human-specified, program-independent, and vulnerability-specific safety properties to generate precise and complete source code patches. Learn about Senx, an innovative system that detects violated safety properties and creates corresponding patches to remove vulnerabilities. Discover how Senx overcomes challenges in property-based APR, including identifying necessary program expressions and variables, generating new code to avoid unwanted side effects, and implementing a novel access range analysis technique to optimize patch placement. Examine the effectiveness of this approach through an evaluation of 42 real-world vulnerabilities across 11 applications, including graphics/media file manipulation tools, programming language interpreters, and database engines.
Using Safety Properties to Generate Vulnerability Patches
Overview
Syllabus
Using Safety Properties to Generate Vulnerability Patches Zhen Huang
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
-
Using Safety Properties to Generate Vulnerability Patches
-
SmartPulse - Automated Checking of Temporal Properties in Smart Contracts
-
Examining Zero-Shot Vulnerability Repair with Large Language Models
-
Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation
-
Transys - Leveraging Common Security Properties Across Hardware Designs
-
GraphSPD - Graph-Based Security Patch Detection with Enriched Code Semantics
