Multi-location Cryptographic Code Repair with Neural-Network-Based Methodologies
Wed 25 Aug 2021 05:25 - 05:50 - Doctoral Symposium: Slot 3
Java cryptographic API libraries are error-prone to use and result in vulnerabilities. Fixing them often requires security expertise and extra consideration for cryptographic consistency at multiple code locations. My Ph.D. research aims to help developers with a multi-location cryptographic code repair system. The proposed method relies on a precise static analysis for cryptographic code and a neural-network-based secure code generation solution. We focus on designing neural-network-based techniques guided by program analysis to learn from secure code and give accurate suggestions. First, we conducted a comprehensive measurement to compare cryptographic API embeddings guided by different program analysis strategies. Then, we identified two previously unreported programming-language-specific challenges: differentiating functionally similar APIs and capturing low-frequency code patterns. We address them with a specialized multi-path code suggestion architecture and a novel low-frequency enhanced sequence learning technique. Existing results show that our approach achieves significant improvements in top-1 accuracy compared with the state of the art. Our next step is a cryptographically consistent localization that enables our multi-location code repair. We publish our data and code as a large Java cryptographic code dataset.
Tue 24 Aug (displayed time zone: Athens), 16:00 - 19:05

| Time | Duration | Type | Title | Track | Speaker |
|---|---|---|---|---|---|
| 16:00 | 45m | Keynote | Keynote (Sarah Nadi) | Doctoral Symposium | Sarah Nadi, University of Alberta |
| 16:45 | 15m | Break | Break | Doctoral Symposium | |
| 17:00 | 25m | Paper | Lightweight Verification via Specialized Typecheckers | Doctoral Symposium | Martin Kellogg, University of Washington |
| 17:25 | 25m | Paper | Multi-location Cryptographic Code Repair with Neural-Network-Based Methodologies | Doctoral Symposium | Ya Xiao, Virginia Tech |
| 17:50 | 25m | Paper | Improving the Effectiveness of Peer Code Review in Identifying Security Defects | Doctoral Symposium | Rajshakhar Paul, Wayne State University |
| 18:15 | 25m | Paper | Reducing Cost in Continuous Integration with a Collection of Build Selection Approaches | Doctoral Symposium | Xianhao Jin, Virginia Tech |
| 18:40 | 25m | Paper | A Live Environment for Inspection and Refactoring of Software Systems | Doctoral Symposium | Sara Fernandes, University of Porto; INESC-ID |

Wed 25 Aug (displayed time zone: Athens), 04:00 - 07:05

| Time | Duration | Type | Title | Track | Speaker |
|---|---|---|---|---|---|
| 04:00 | 45m | Keynote | Keynote (Sarah Nadi) | Doctoral Symposium | Sarah Nadi, University of Alberta |
| 04:45 | 15m | Break | Break | Doctoral Symposium | |
| 05:00 | 25m | Paper | Lightweight Verification via Specialized Typecheckers | Doctoral Symposium | Martin Kellogg, University of Washington |
| 05:25 | 25m | Paper | Multi-location Cryptographic Code Repair with Neural-Network-Based Methodologies | Doctoral Symposium | Ya Xiao, Virginia Tech |
| 05:50 | 25m | Paper | Improving the Effectiveness of Peer Code Review in Identifying Security Defects | Doctoral Symposium | Rajshakhar Paul, Wayne State University |
| 06:15 | 25m | Paper | Reducing Cost in Continuous Integration with a Collection of Build Selection Approaches | Doctoral Symposium | Xianhao Jin, Virginia Tech |
| 06:40 | 25m | Paper | A Live Environment for Inspection and Refactoring of Software Systems | Doctoral Symposium | Sara Fernandes, University of Porto; INESC-ID |