Enabling Automatic Repair of Source Code Vulnerabilities Using Data-Driven Methods
Anastasiia Grishina

TL;DR
This paper explores enhancing data-driven models for automatic source code vulnerability repair by improving code representations, aiming to advance the effectiveness of fixing security flaws in software systems.
Contribution
It proposes new methods to improve code representations for vulnerability repair from data type, modeling, and task perspectives, addressing a gap in automatic security vulnerability fixing.
Findings
Enhanced code representations lead to better vulnerability repair performance.
Improved models show promise in fixing security vulnerabilities.
The approach advances automatic program repair techniques.
Abstract
Users around the world rely on software-intensive systems in their day-to-day activities. These systems regularly contain bugs and security vulnerabilities. To facilitate bug fixing, data-driven models of automatic program repair use pairs of buggy and fixed code to learn transformations that fix errors in code. However, automatic repair of security vulnerabilities remains under-explored. In this work, we propose ways to improve code representations for vulnerability repair from three perspectives: input data type, data-driven models, and downstream tasks. The expected results of this work are improved code representations for automatic program repair and, specifically, fixing security vulnerabilities.
Taxonomy
MethodsRepair
