Isolating Graphical Failure-Inducing Input for Privacy Protection in Error Reporting Systems

Open access

Abstract

This work proposes a new privacy-enhancing system that minimizes the disclosure of information in error reports. Error reporting mechanisms are of the utmost importance for correcting software bugs but, unfortunately, the transmission of an error report may reveal users’ private information. Some privacy-enhancing systems for error reporting have been presented in recent years, yet they rely on path condition analysis, which we show in this paper to be ineffective for graphical input. Because numerous applications have graphical user interfaces (GUIs), it is very important to overcome this limitation. This work describes a new privacy-enhancing error reporting system based on a new input minimization algorithm called GUIᴍɪɴ, which is geared towards GUIs and removes input that is unnecessary to reproduce the observed failure. Before deciding whether to submit the error report, the user is provided with a step-by-step graphical replay of the minimized input, to evaluate whether it still reveals sensitive information. We also provide an open source implementation of the proposed system and evaluate it with well-known applications.

