FireBugs: Finding and repairing bugs with security patterns

Larry Singleton, Rui Zhao, Myoungkyu Song, Harvey Siy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Security is often a critical problem in software systems. The consequences of the failure lead to substantial economic loss or extensive environmental damage. Developing secure software is challenging, and retrofitting existing systems to introduce security is even harder. In this paper, we propose an automated approach for Finding and Repairing Bugs based on security patterns (FireBugs), to repair defects causing security vulnerabilities. To locate and fix security bugs, we apply security patterns that are reusable solutions comprising large amounts of software design experience in many different situations. In the evaluation, we investigated 2,800 Android app repositories to apply our approach to 200 subject projects that use javax.crypto APIs. The vision of our automated approach is to reduce software maintenance burdens where the number of outstanding software defects exceeds available resources. Our ultimate vision is to design more security patterns that have a positive impact on software quality by disseminating correlated sets of best security design practices and knowledge.

Original language: English (US)
Title of host publication: Proceedings - 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 30-34
Number of pages: 5
ISBN (Electronic): 9781728133959
DOI: https://doi.org/10.1109/MOBILESoft.2019.00014
State: Published - May 2019
Event: 6th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2019 - Montreal, Canada
Duration: May 25 2019 → …

Publication series

Name: Proceedings - 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2019

Conference

Conference: 6th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2019
Country: Canada
City: Montreal
Period: 5/25/19 → …

Fingerprint

Computer software maintenance
Defects
Retrofitting
Software design
Application programming interfaces (API)
Application programs
Repair
Economics
Android (operating system)

Keywords

  • Bug Repair
  • Cryptography
  • Security
  • Software Maintenance

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software

Cite this

Singleton, L., Zhao, R., Song, M., & Siy, H. (2019). FireBugs: Finding and repairing bugs with security patterns. In Proceedings - 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2019 (pp. 30-34). [8817034] (Proceedings - 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2019). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/MOBILESoft.2019.00014
