skip to main content
research-article

Better bug reporting with better privacy

Published: 01 March 2008 Publication History

Abstract

Software vendors collect bug reports from customers to improve the quality of their software. These reports should include the inputs that make the software fail, to enable vendors to reproduce the bug. However, vendors rarely include these inputs in reports because they may contain private user data. We describe a solution to this problem that provides software vendors with new input values that satisfy the conditions required to make the software follow the same execution path until it fails, but are otherwise unrelated with the original inputs. These new inputs allow vendors to reproduce the bug while revealing less private information than existing approaches. Additionally, we provide a mechanism to measure the amount of information revealed in an error report. This mechanism allows users to perform informed decisions on whether or not to submit reports. We implemented a prototype of our solution and evaluated it with real errors in real programs. The results show that we can produce error reports that allow software vendors to reproduce bugs while revealing almost no private information.

Supplementary Material

JPG File (1346322.jpg)
index.html (index.html)
Slides from the presentation
ZIP File (p319-costa-slides.zip)
Supplemental material for Better bug reporting with better privacy
Audio only (1346322.mp3)
Video (1346322.mp4)

References

[1]
GHttpd Log() Function Buffer Overflow Vulnerability (Bugtraq ID: 5960). http://www.securityfocus.com/bid/5960.
[2]
Null HTTPd Remote Heap Overflow Vulnerability (Bugtraq ID: 5774). http://www.securityfocus.com/bid/5774.
[3]
Portable network graphics (png) specification and extensions. http://www.libpng.org/pub/png/spec/.
[4]
AGRAWAL, R., AND SRIKANT, R. Privacy-preserving data mining. In SIGMOD '00: Proceedings of the 2000 ACM SIGMOD international conference on Management of data (2000), pp. 439--450.
[5]
BHANSALI, S., CHEN, W.-K., DE JONG, S., EDWARDS, A., MURRAY, R., DRINIC, M., MIHOCKA, D., AND CHAU, J. Framework for instruction-level tracing and analysis of program executuions. In VEE (June 2006).
[6]
BROADWELL, P., HARREN, M., AND SASTRY, N. Scrash: a system for generating secure crash information.
[7]
BRUMLEY, D., NEWSOME, J., SONG, D., WANG, H., AND JHA, S. Towards automatic generation of vulnerability signatures. In IEEE Symposium on Security and Privacy (May 2006).
[8]
CADAR, C., GANESH, V., PAWLOWSKI, P. M., DILL, D. L., AND ENGLER, D. R. EXE: Automatically Generating Inputs of Death. In 13th ACM Conference on Computer and Communications Security (2006).
[9]
CASTRO, M., COSTA, M., AND HARRIS, T. Securing software by enforcing data-flow integrity. In OSDI (Nov. 2006).
[10]
CHEN, S., XU, J., SEZER, E. C., GAURIAR, P., AND IYER, R. K. Non-control-data attacks are realistic threats. In USENIX Security Symposium (July 2005).
[11]
CHIRAYATH, V., LONGPRE, L., AND KREINOVICH, V. Measuring privacy loss in statistical databases. In Workshop on Descriptional Complexity of Formal Systems (June 2006), pp. 16--25.
[12]
COSTA, M., CASTRO, M., ZHOU, L., ZHANG, L., AND PEINADO, M. Bouncer: Securing Software by Blocking Bad Input. In SOSP (Oct. 2007).
[13]
COSTA, M., CROWCROFT, J., CASTRO, M., ROWSTRON, A., ZHOU, L., ZHANG, L., AND BARHAM, P. Vigilante: End-to-End Containment of Internet Worms. In SOSP (Oct. 2005).
[14]
COWAN, C., PU, C., MAIER, D., HINTON, H., WADPOLE, J., BAKKE, P., BEATTIE, S., GRIER, A., WAGLE, P., AND ZHANG, Q. Stackguard: Automatic detection and prevention of buffer-overrun attacks. In USENIX Security Symposium (Jan. 1998).
[15]
CRANDALL, J. R., SU, Z., WU, S. F., AND CHONG, F. T. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In ACM CCS (Nov. 2005).
[16]
DE MOURA, L., AND BJORNER, N. Z3: An Efficient SMT Solver. In Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS) (Apr. 2008).
[17]
DUTERTRE, B., AND DE MOURA, L. The YICES SMT Solver. http://yices.csl.sri.com.
[18]
DUTERTRE, B., AND DE MOURA, L. A fast linear-arithemic solver for dpll(t). In CAV06 (Aug. 2006).
[19]
ELNOZAHY, E. N., ALVISI, L., WANG, Y.-M., AND JOHNSON, D. B. A survey of rollback-recovery protocols in message-passing systems. ACM Computing Surveys 34, 3 (Sept. 2002), 375--408.
[20]
GODEFROID, P., KLARLUND, N., AND SEN, K. DART: Directed Automated Random Testing. In PLDI (2005).
[21]
GODEFROID, P., LEVIN, M. Y., AND MOLNAR, D. Automated whitebox fuzz testing. Tech. Rep. MSR-TR-2007-58, Microsoft Research Technical Report, May 2007.
[22]
GOMES, C. P., HOFFMANN, J., SABHARWAL, A., AND SELMAN, B. From sampling to model counting. In IJCAI (2007), pp. 2293--2299.
[23]
GOMES, C. P., SABHARWAL, A., AND SELMAN, B. Model counting: A new strategy for obtaining good bounds. In AAAI (2006).
[24]
MARTIN, J.-P. Upper and lower bounds on the number of solutions. Tech. Rep. MSR-TR-2007-164, Dec. 2007.
[25]
MICROSOFT CORPORATION. Msn messenger. http://messenger.msn.com.
[26]
MICROSOFT CORPORATION. Privacy statement for the microsoft error reporting service, Oct. 2005. http://oca.microsoft.com/en/dcp20.asp.
[27]
MICROSOFT CORPORATION. Description of the end user privacy policy in application error reporting when you are using office. Microsoft Knowledge Base Q283768, Jan. 2007. http://support.microsoft.com/kb/283768.
[28]
MICROSOFT CORPORATION. Dr. watson overview, Jan. 2007. http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/drwatson overview.mspx?mfr=true.
[29]
MITRE CORPORATION. Multiple buffer overflows in libpng 1.2.5. CVE-2004-0597, June 2004. http://cve.mitre.org/cgibin/cvename.cgi?name=CAN-2004-0597.
[30]
MOORE, D., PAXSON, V., SAVAGE, S., SHANNON, C., STANIFORD, S., AND WEAVER, N. Inside the Slammer worm. IEEE Security and Privacy 1, 4 (July 2003).
[31]
QIN, F., TUCEK, J., SUNDARESAN, J., AND ZHOU, Y. Rx: Treating bugs as allergies -- a safe method to survive software failures. In SOSP (Nov. 2005).
[32]
RUWASE, O., AND LAM, M. A practical dynamic buffer overflow detector. In NDSS (Feb. 2004).
[33]
SAMARATI, P., AND SWEENEY, L. Generalizing data to provide anonymity when disclosing information. In Proceedings of the 17th Symposium on Principles of Database Systems (1998), p. 188.
[34]
SANG, T., BEAME, P., AND KAUTZ, H. A. Heuristics for fast exact model counting. In SAT (2005), pp. 226--240.
[35]
SEN, K., MARINOV, D., AND AGHA, G. CUTE: A Concolic Unit Testing Engine for C. In ESEC/FSE (2005).
[36]
SHANNON, C. E. A mathematical theory of communication. SIGMOBILE Mob. Comput. Commun. Rev. 5, 1 (2001), 3--55.
[37]
SWEENEY, L. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 10, 5 (2002), 557--570.
[38]
TUCEK, J., LU, S., HUANG, C., XANTHOS, S., AND ZHOU, Y. Triage: diagnosing production run failures at the user's site. In SOSP (Nov. 2007).
[39]
ZELLER, A., AND HILDEBRANDT, R. Simplifying and isolating failure-inducing input. IEEE Trans. Software Eng. 28, 2 (2002), 183--200.

Cited By

View all
  • (2023)MultiviewProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620657(7499-7516)Online publication date: 9-Aug-2023
  • (2023)Improving logging to reduce permission over-granting mistakesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620261(409-426)Online publication date: 9-Aug-2023
  • (2021)Context-Aware Privacy-Optimizing Address Tracing2021 International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED51797.2021.00027(150-162)Online publication date: Sep-2021
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM SIGOPS Operating Systems Review
ACM SIGOPS Operating Systems Review  Volume 42, Issue 2
ASPLOS '08
March 2008
339 pages
ISSN:0163-5980
DOI:10.1145/1353535
Issue’s Table of Contents
  • cover image ACM Conferences
    ASPLOS XIII: Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
    March 2008
    352 pages
    ISBN:9781595939586
    DOI:10.1145/1346281
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 March 2008
Published in SIGOPS Volume 42, Issue 2

Check for updates

Author Tags

  1. bug reports
  2. constraint solving
  3. privacy
  4. symbolic execution

Qualifiers

  • Research-article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)16
  • Downloads (Last 6 weeks)0
Reflects downloads up to 12 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)MultiviewProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620657(7499-7516)Online publication date: 9-Aug-2023
  • (2023)Improving logging to reduce permission over-granting mistakesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620261(409-426)Online publication date: 9-Aug-2023
  • (2021)Context-Aware Privacy-Optimizing Address Tracing2021 International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED51797.2021.00027(150-162)Online publication date: Sep-2021
  • (2021)Knowledge & Learning-based Adaptable System for Sensitive Information Identification and Handling2021 IEEE 14th International Conference on Cloud Computing (CLOUD)10.1109/CLOUD53861.2021.00039(261-271)Online publication date: Sep-2021
  • (2025)Configuration Monitor SynthesisAutomated Technology for Verification and Analysis10.1007/978-3-031-78750-8_1(3-27)Online publication date: 12-Feb-2025
  • (2024)Anonymizing Test Data in Android: Does It Hurt?Proceedings of the 5th ACM/IEEE International Conference on Automation of Software Test (AST 2024)10.1145/3644032.3644463(88-98)Online publication date: 15-Apr-2024
  • (2022)Update with careJournal of Systems and Software10.1016/j.jss.2022.111381191:COnline publication date: 1-Sep-2022
  • (2021)Correlation Between Microbial Diversity and Volatile Flavor Compounds of Suan zuo rou, a Fermented Meat Product From Guizhou, ChinaFrontiers in Microbiology10.3389/fmicb.2021.73652512Online publication date: 20-Oct-2021
  • (2020)CREPEProceedings of the Tenth ACM Conference on Data and Application Security and Privacy10.1145/3374664.3375738(295-306)Online publication date: 16-Mar-2020
  • (2020)Pattern Guided Integrated Scheduling and Routing in Multi-Hop Control NetworksACM Transactions on Embedded Computing Systems10.1145/337213419:2(1-28)Online publication date: 10-Feb-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media