FireBugs: Finding and Repairing Bugs with Security Patterns
| Field | Value |
| --- | --- |
| Title | FireBugs: Finding and Repairing Bugs with Security Patterns |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Singleton, Larry; Zhao, Rui; Song, Myoungkyu; Siy, Harvey |
| Conference Name | 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft) |
| Keywords | Android (operating system), Android app repositories, APIs, application program interfaces, application programming interface, automated approach, Automated Secure Software Engineering, Bug Repair, composability, compositionality, cryptography, firebugs, javax.crypto APIs, mobile computing, program debugging, pubcrawl, repairing bugs, resilience, Resiliency, Secure Software Development, security, security bugs, security of data, security patterns, software defects, software design experience, software maintenance, software quality, Software systems |
| Abstract | Security is often a critical problem in software systems. The consequences of the failure lead to substantial economic loss or extensive environmental damage. Developing secure software is challenging, and retrofitting existing systems to introduce security is even harder. In this paper, we propose an automated approach for Finding and Repairing Bugs based on security patterns (FireBugs), to repair defects causing security vulnerabilities. To locate and fix security bugs, we apply security patterns that are reusable solutions comprising large amounts of software design experience in many different situations. In the evaluation, we investigated 2,800 Android app repositories to apply our approach to 200 subject projects that use javax.crypto APIs. The vision of our automated approach is to reduce software maintenance burdens where the number of outstanding software defects exceeds available resources. Our ultimate vision is to design more security patterns that have a positive impact on software quality by disseminating correlated sets of best security design practices and knowledge. |
| DOI | 10.1109/MOBILESoft.2019.00014 |
| Citation Key | singleton_firebugs_2019 |
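The abstract identifies javax.crypto misuse as the bug class FireBugs targets but does not list the individual security patterns it encodes. The script below is an added illustration, not code from the paper or from the FireBugs tool, of what a pattern-based find-and-repair pass over Java source looks like: each pattern pairs a detector with either a textual repair or a manual-review note where a blind rewrite would break the program. The sample class `Vault`, the three pattern names and the `Finding` record are this example's own constructions; the one library fact it relies on is that `Cipher.getInstance("AES")` resolves to `AES/ECB/PKCS5Padding` on the standard JDK providers.

```python
"""Pattern-based find-and-repair pass for javax.crypto misuse in Java source.

Added illustration only: this is not FireBugs' code, and the three patterns
below are this example's own selection rather than the paper's catalogue.
"""
import re
from dataclasses import dataclass

# Constructed sample Java class (not taken from the paper or its subject projects).
SAMPLE_JAVA = """\
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class Vault {
    byte[] seal(byte[] key, byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance("AES");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        return c.doFinal(pt);
    }
    byte[] sealExplicit(byte[] key, byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        return c.doFinal(pt);
    }
    byte[] legacy(byte[] key, byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "DES"));
        return c.doFinal(pt);
    }
}
"""


@dataclass(frozen=True)
class Finding:
    line: int           # 1-based line number in the scanned source
    pattern: str        # name of the security pattern that fired
    matched: str        # exact text the detector matched
    auto_fixable: bool  # True when the pattern carries a textual repair


GCM = 'Cipher.getInstance("AES/GCM/NoPadding")'

# Each security pattern: (name, detector, replacement or None, practitioner note).
# The detectors only match string literals passed to Cipher.getInstance; a
# transformation name assembled at runtime needs data-flow analysis to catch.
PATTERNS = (
    ("aes-default-ecb",
     re.compile(r'Cipher\.getInstance\(\s*"AES"\s*\)'),
     GCM,
     'bare "AES" resolves to AES/ECB/PKCS5Padding on the standard JDK providers; '
     'after the switch to GCM, the IV generated at init() must be read back with '
     'getIV(), stored with the ciphertext, and passed as a GCMParameterSpec on decrypt'),
    ("aes-explicit-ecb",
     re.compile(r'Cipher\.getInstance\(\s*"AES/ECB/[A-Za-z0-9]+"\s*\)'),
     GCM,
     'explicit ECB leaks equality of plaintext blocks; same IV handling as for GCM above'),
    ("des",
     re.compile(r'Cipher\.getInstance\(\s*"DES(?:/[^"]*)?"\s*\)'),
     None,  # a textual swap to AES would break the 8-byte DES key sizing
     'DES has a 56-bit effective key; replacing it with AES also changes the '
     'SecretKeySpec algorithm and key length, so this is reported for manual repair'),
)


def find_bugs(source: str) -> list:
    """Scan source line by line and return one Finding per pattern hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, rx, fix, _note in PATTERNS:
            m = rx.search(line)
            if m:
                findings.append(Finding(lineno, name, m.group(0), fix is not None))
    return findings


def repair(source: str) -> tuple:
    """Apply every auto-fixable pattern; return (repaired source, review notes)."""
    out_lines, notes = [], []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, rx, fix, note in PATTERNS:
            if not rx.search(line):
                continue
            if fix is None:
                notes.append(f"line {lineno}: {name} (manual): {note}")
            else:
                line = rx.sub(fix, line)
                notes.append(f"line {lineno}: {name} (fixed): {note}")
        out_lines.append(line)
    return "\n".join(out_lines) + "\n", notes


if __name__ == "__main__":
    for f in find_bugs(SAMPLE_JAVA):
        print(f"{f.line}: {f.pattern}: {f.matched}  auto_fixable={f.auto_fixable}")
    fixed_source, review_notes = repair(SAMPLE_JAVA)
    print(fixed_source)
    print("\n".join(review_notes))
```

The repair deliberately stops at the `getInstance` call: swapping ECB for GCM is safe as a text edit because the JDK generates a random IV when `init(ENCRYPT_MODE, key)` is called without parameters, but the caller still has to persist that IV, which is why the fix is paired with a note rather than presented as complete. The DES case shows the other half of the design: when a pattern's repair would change key material, the tool reports and leaves the edit to a person.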