Identifying Casualty Changes in Software Patches (ESEC/FSE 2021 - Research Papers)

Who

Adriana Sejfia, Yixue Zhao, Nenad Medvidović

Track

ESEC/FSE 2021 Research Papers

Time Zone

The program is currently displayed in (GMT+03:00) Athens.

Use conference time zone: (GMT+03:00) AthensSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 26 Aug 2021 19:00 - 19:10 - Dependability—Vulnerabilities 2 Chair(s): Domenico Bianculli
Fri 27 Aug 2021 07:00 - 07:10 - Dependability—Vulnerabilities 2 Chair(s): Ramy Shahin

Abstract

Noise in software patches impacts their understanding, analysis, and use for tasks such as change prediction. Although several approaches have been developed to identify noise in patches, this issue has persisted. An analysis of a dataset of security patches for the Tomcat web server, which we further expanded with security patches from five additional systems, uncovered several kinds of previously unreported noise which we call nonessential casualty changes. These are changes that themselves do not alter the logic of the program but are necessitated by other changes made in the patch. In this paper, we provide a comprehensive taxonomy of casualty changes. We then develop CasCADe, an automated technique for automatically identifying casualty changes. We evaluate CasCADe with several publicly available datasets of patches and tools that focus on them. Our results show that CasCADe is highly accurate, that the kinds of noise it identifies occur relatively commonly in patches, and that removing this noise improves upon the evaluation results of a previously published change-based approach.

DOI

https://doi.org/10.1145/3468264.3468624

Adriana Sejfia

University of Southern California

United States

Yixue Zhao

University of Massachusetts at Amherst

United States

Nenad Medvidović

University of Southern California

United States

CasCADe's website

Time Zone

The program is currently displayed in (GMT+03:00) Athens.

Use conference time zone: (GMT+03:00) AthensSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Thu 26 Aug
Displayed time zone: Athens change

19:00 - 20:00	Dependability—Vulnerabilities 2Research Papers / Demonstrations +12h Chair(s): Domenico Bianculli University of Luxembourg

19:00 10m Paper		Identifying Casualty Changes in Software Patches Research Papers Adriana Sejfia University of Southern California, Yixue Zhao University of Massachusetts at Amherst, Nenad Medvidović University of Southern California DOI Media Attached
19:10 10m Paper		ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities Research Papers Yang Hu The University of Texas at Austin, Wenxi Wang University of Texas at Austin, Casen Hunger University of Texas at Austin, Riley Wood University of Texas at Austin, Sarfraz Khurshid University of Texas at Austin, Mohit Tiwari University of Texas at Austin DOI
19:20 5m Paper		ICME: An Informed Consent Management Engine for Conformance in Smart Building Environments Demonstrations Chehara Pathmabandu Monash University, John Grundy Monash University, Mohan Baruwal Chhetri CSIRO’s Data61, Zubair Baig Deakin University DOI Media Attached
19:25 5m Paper		CrossVul: A Cross-Language Vulnerability Dataset with Commit Data Demonstrations Georgios Nikitopoulos University of Thessaly, Konstantina Dritsa Athens University of Economics and Business, Panos Louridas Athens University of Economics and Business, Dimitris Mitropoulos University of Athens DOI
19:30 30m Live Q&A		Q&A (Dependability—Vulnerabilities 2) Research Papers

Fri 27 Aug
Displayed time zone: Athens change

07:00 - 08:00	Dependability—Vulnerabilities 2Demonstrations / Research Papers Chair(s): Ramy Shahin University of Toronto

07:00 10m Paper		Identifying Casualty Changes in Software Patches Research Papers Adriana Sejfia University of Southern California, Yixue Zhao University of Massachusetts at Amherst, Nenad Medvidović University of Southern California DOI Media Attached
07:10 10m Paper		ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities Research Papers Yang Hu The University of Texas at Austin, Wenxi Wang University of Texas at Austin, Casen Hunger University of Texas at Austin, Riley Wood University of Texas at Austin, Sarfraz Khurshid University of Texas at Austin, Mohit Tiwari University of Texas at Austin DOI
07:20 5m Paper		ICME: An Informed Consent Management Engine for Conformance in Smart Building Environments Demonstrations Chehara Pathmabandu Monash University, John Grundy Monash University, Mohan Baruwal Chhetri CSIRO’s Data61, Zubair Baig Deakin University DOI Media Attached
07:25 5m Paper		CrossVul: A Cross-Language Vulnerability Dataset with Commit Data Demonstrations Georgios Nikitopoulos University of Thessaly, Konstantina Dritsa Athens University of Economics and Business, Panos Louridas Athens University of Economics and Business, Dimitris Mitropoulos University of Athens DOI
07:30 30m Live Q&A		Q&A (Dependability—Vulnerabilities 2) Research Papers