HyperGI: Automated Detection and Repair of Information Flow Leakage

TL;DR

HyperGI is a framework that automatically detects, localizes, and repairs information flow leaks in software using dynamic analysis and genetic improvement, even when no functional tests fail.

Contribution

It introduces a novel combination of dynamic leak detection and genetic repair to address information leaks without relying on existing failing tests.

Findings

Successfully applied to several programs with no failing tests

Generated patches that mitigate information leaks

Identified trade-offs and future directions for automated repair

Abstract

Maintaining confidential information control in software is a persistent security problem where failure means secrets can be revealed via program behaviors. Information flow control techniques traditionally have been based on static or symbolic analyses -- limited in scalability and specialized to particular languages. When programs do leak secrets there are no approaches to automatically repair them unless the leak causes a functional test to fail. We present our vision for HyperGI, a genetic improvement framework tha detects, localizes and repairs information leakage. Key elements of HyperGI include (1) the use of two orthogonal test suites, (2) a dynamic leak detection approach which estimates and localizes potential leaks, and (3) a repair component that produces a candidate patch using genetic improvement. We demonstrate the successful use of HyperGI on several programs which have no failing functional tests. We manually examine the resulting patches and identify trade-offs and future directions for fully realizing our vision.