Seemanta Saha

Seemanta Saha, Ismet Burak Kadron, William Eiers et al.

Information leaks are a significant problem in modern computer systems and string manipulation is prevalent in modern software. We present techniques for automated synthesis of side-channel attacks that recover secret string values based on timing observations on string manipulating code. Our attack synthesis techniques iteratively generate inputs which, when fed to code that accesses the secret, reveal partial information about the secret based on the timing observations, leading to recovery of the secret at the end of the attack sequence. We use symbolic execution to extract path constraints, automata-based model counting to estimate the probability of execution paths, and meta-heuristic methods to maximize information gain based on entropy for synthesizing adaptive attack steps.

Seemanta Saha, Ripon K. Saha, Mukul R. Prasad

Despite significant advances in automatic program repair (APR)techniques over the past decade, practical deployment remains an elusive goal. One of the important challenges in this regard is the general inability of current APR techniques to produce patches that require edits in multiple locations, i.e., multi-hunk patches. In this work, we present a novel APR technique that generalizes single-hunk repair techniques to include an important class of multi-hunk bugs, namely bugs that may require applying a substantially similar patch at a number of locations. We term such sets of repair locations as evolutionary siblings - similar looking code, instantiated in similar contexts, that are expected to undergo similar changes. At the heart of our proposed method is an analysis to accurately identify a set of evolutionary siblings, for a given bug. This analysis leverages three distinct sources of information, namely the test-suite spectrum, a novel code similarity analysis, and the revision history of the project. The discovered siblings are then simultaneously repaired in a similar fashion. We instantiate this technique in a tool called Hercules and demonstrate that it is able to correctly fix 49 bugs in the Defects4J dataset, the highest of any individual APR technique to date. This includes 15 multi-hunk bugs and overall 13 bugs which have not been fixed by any other technique so far.

Seemanta Saha, William Eiers, Ismet Burak Kadron et al.

Information leakage is a significant problem in modern software systems. Information leaks due to side channels are especially hard to detect and analyze. In this paper, we present techniques for automated synthesis of adaptive side-channel attacks that recover secret values. Our attack synthesis techniques iteratively generate inputs which, when fed to code that accesses the secret, reveal partial information about the secret based on the side-channel observations, reducing the remaining uncertainty about the secret in each attack step. Our approach is incremental, reusing results from prior iterations in each attack step to improve the efficiency of attack synthesis. We use symbolic execution to extract path constraints, automata-based model counting to estimate probabilities of execution paths, and meta-heuristics to maximize information gain based on entropy in order to minimize the number of synthesized attack steps.