ABSTRACT
Software vendors collect bug reports from customers to improve the quality of their software. These reports should include the inputs that make the software fail, to enable vendors to reproduce the bug. However, vendors rarely include these inputs in reports because they may contain private user data. We describe a solution to this problem that provides software vendors with new input values that satisfy the conditions required to make the software follow the same execution path until it fails, but are otherwise unrelated with the original inputs. These new inputs allow vendors to reproduce the bug while revealing less private information than existing approaches. Additionally, we provide a mechanism to measure the amount of information revealed in an error report. This mechanism allows users to perform informed decisions on whether or not to submit reports. We implemented a prototype of our solution and evaluated it with real errors in real programs. The results show that we can produce error reports that allow software vendors to reproduce bugs while revealing almost no private information.
Supplemental Material
Available for Download
Supplemental material for Better bug reporting with better privacy
- GHttpd Log() Function Buffer Overflow Vulnerability (Bugtraq ID: 5960). http://www.securityfocus.com/bid/5960.Google Scholar
- Null HTTPd Remote Heap Overflow Vulnerability (Bugtraq ID: 5774). http://www.securityfocus.com/bid/5774.Google Scholar
- Portable network graphics (png) specification and extensions. http://www.libpng.org/pub/png/spec/.Google Scholar
- AGRAWAL, R., AND SRIKANT, R. Privacy-preserving data mining. In SIGMOD '00: Proceedings of the 2000 ACM SIGMOD international conference on Management of data (2000), pp. 439--450. Google Scholar
Digital Library
- BHANSALI, S., CHEN, W.-K., DE JONG, S., EDWARDS, A., MURRAY, R., DRINIC, M., MIHOCKA, D., AND CHAU, J. Framework for instruction-level tracing and analysis of program executuions. In VEE (June 2006). Google Scholar
Digital Library
- BROADWELL, P., HARREN, M., AND SASTRY, N. Scrash: a system for generating secure crash information.Google Scholar
- BRUMLEY, D., NEWSOME, J., SONG, D., WANG, H., AND JHA, S. Towards automatic generation of vulnerability signatures. In IEEE Symposium on Security and Privacy (May 2006). Google Scholar
Digital Library
- CADAR, C., GANESH, V., PAWLOWSKI, P. M., DILL, D. L., AND ENGLER, D. R. EXE: Automatically Generating Inputs of Death. In 13th ACM Conference on Computer and Communications Security (2006). Google Scholar
Digital Library
- CASTRO, M., COSTA, M., AND HARRIS, T. Securing software by enforcing data-flow integrity. In OSDI (Nov. 2006). Google Scholar
Digital Library
- CHEN, S., XU, J., SEZER, E. C., GAURIAR, P., AND IYER, R. K. Non-control-data attacks are realistic threats. In USENIX Security Symposium (July 2005). Google Scholar
Digital Library
- CHIRAYATH, V., LONGPRE, L., AND KREINOVICH, V. Measuring privacy loss in statistical databases. In Workshop on Descriptional Complexity of Formal Systems (June 2006), pp. 16--25.Google Scholar
- COSTA, M., CASTRO, M., ZHOU, L., ZHANG, L., AND PEINADO, M. Bouncer: Securing Software by Blocking Bad Input. In SOSP (Oct. 2007). Google Scholar
Digital Library
- COSTA, M., CROWCROFT, J., CASTRO, M., ROWSTRON, A., ZHOU, L., ZHANG, L., AND BARHAM, P. Vigilante: End-to-End Containment of Internet Worms. In SOSP (Oct. 2005). Google Scholar
Digital Library
- COWAN, C., PU, C., MAIER, D., HINTON, H., WADPOLE, J., BAKKE, P., BEATTIE, S., GRIER, A., WAGLE, P., AND ZHANG, Q. Stackguard: Automatic detection and prevention of buffer-overrun attacks. In USENIX Security Symposium (Jan. 1998). Google Scholar
Digital Library
- CRANDALL, J. R., SU, Z., WU, S. F., AND CHONG, F. T. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In ACM CCS (Nov. 2005). Google Scholar
Digital Library
- DE MOURA, L., AND BJORNER, N. Z3: An Efficient SMT Solver. In Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS) (Apr. 2008). Google Scholar
Digital Library
- DUTERTRE, B., AND DE MOURA, L. The YICES SMT Solver. http://yices.csl.sri.com.Google Scholar
- DUTERTRE, B., AND DE MOURA, L. A fast linear-arithemic solver for dpll(t). In CAV06 (Aug. 2006). Google Scholar
Digital Library
- ELNOZAHY, E. N., ALVISI, L., WANG, Y.-M., AND JOHNSON, D. B. A survey of rollback-recovery protocols in message-passing systems. ACM Computing Surveys 34, 3 (Sept. 2002), 375--408. Google Scholar
Digital Library
- GODEFROID, P., KLARLUND, N., AND SEN, K. DART: Directed Automated Random Testing. In PLDI (2005). Google Scholar
Digital Library
- GODEFROID, P., LEVIN, M. Y., AND MOLNAR, D. Automated whitebox fuzz testing. Tech. Rep. MSR-TR-2007-58, Microsoft Research Technical Report, May 2007.Google Scholar
- GOMES, C. P., HOFFMANN, J., SABHARWAL, A., AND SELMAN, B. From sampling to model counting. In IJCAI (2007), pp. 2293--2299. Google Scholar
Digital Library
- GOMES, C. P., SABHARWAL, A., AND SELMAN, B. Model counting: A new strategy for obtaining good bounds. In AAAI (2006). Google Scholar
Digital Library
- MARTIN, J.-P. Upper and lower bounds on the number of solutions. Tech. Rep. MSR-TR-2007-164, Dec. 2007.Google Scholar
- MICROSOFT CORPORATION. Msn messenger. http://messenger.msn.com.Google Scholar
- MICROSOFT CORPORATION. Privacy statement for the microsoft error reporting service, Oct. 2005. http://oca.microsoft.com/en/dcp20.asp.Google Scholar
- MICROSOFT CORPORATION. Description of the end user privacy policy in application error reporting when you are using office. Microsoft Knowledge Base Q283768, Jan. 2007. http://support.microsoft.com/kb/283768.Google Scholar
- MICROSOFT CORPORATION. Dr. watson overview, Jan. 2007. http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/drwatson overview.mspx?mfr=true.Google Scholar
- MITRE CORPORATION. Multiple buffer overflows in libpng 1.2.5. CVE-2004-0597, June 2004. http://cve.mitre.org/cgibin/cvename.cgi?name=CAN-2004-0597.Google Scholar
- MOORE, D., PAXSON, V., SAVAGE, S., SHANNON, C., STANIFORD, S., AND WEAVER, N. Inside the Slammer worm. IEEE Security and Privacy 1, 4 (July 2003). Google Scholar
Digital Library
- QIN, F., TUCEK, J., SUNDARESAN, J., AND ZHOU, Y. Rx: Treating bugs as allergies -- a safe method to survive software failures. In SOSP (Nov. 2005). Google Scholar
Digital Library
- RUWASE, O., AND LAM, M. A practical dynamic buffer overflow detector. In NDSS (Feb. 2004).Google Scholar
- SAMARATI, P., AND SWEENEY, L. Generalizing data to provide anonymity when disclosing information. In Proceedings of the 17th Symposium on Principles of Database Systems (1998), p. 188. Google Scholar
Digital Library
- SANG, T., BEAME, P., AND KAUTZ, H. A. Heuristics for fast exact model counting. In SAT (2005), pp. 226--240. Google Scholar
Digital Library
- SEN, K., MARINOV, D., AND AGHA, G. CUTE: A Concolic Unit Testing Engine for C. In ESEC/FSE (2005). Google Scholar
Digital Library
- SHANNON, C. E. A mathematical theory of communication. SIGMOBILE Mob. Comput. Commun. Rev. 5, 1 (2001), 3--55. Google Scholar
Digital Library
- SWEENEY, L. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 10, 5 (2002), 557--570. Google Scholar
Digital Library
- TUCEK, J., LU, S., HUANG, C., XANTHOS, S., AND ZHOU, Y. Triage: diagnosing production run failures at the user's site. In SOSP (Nov. 2007). Google Scholar
Digital Library
- ZELLER, A., AND HILDEBRANDT, R. Simplifying and isolating failure-inducing input. IEEE Trans. Software Eng. 28, 2 (2002), 183--200. Google Scholar
Digital Library
Index Terms
Better bug reporting with better privacy
Recommendations
Better bug reporting with better privacy
ASPLOS '08Software vendors collect bug reports from customers to improve the quality of their software. These reports should include the inputs that make the software fail, to enable vendors to reproduce the bug. However, vendors rarely include these inputs in ...
Better bug reporting with better privacy
ASPLOS '08Software vendors collect bug reports from customers to improve the quality of their software. These reports should include the inputs that make the software fail, to enable vendors to reproduce the bug. However, vendors rarely include these inputs in ...
Better bug reporting with better privacy
ASPLOS '08Software vendors collect bug reports from customers to improve the quality of their software. These reports should include the inputs that make the software fail, to enable vendors to reproduce the bug. However, vendors rarely include these inputs in ...









Comments