Automatic input rectification

Long, Fan; Ganesh, Vijay; Carbin, Michael; Sidiroglou, Stelios; Rinard, Martin

Author(s)

Long, Fan; Ganesh, Vijay; Carbin, Michael James; Sidiroglou, Stelios; Rinard, Martin

DownloadRinard_Automatic input.pdf (2.141Mb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

We present a novel technique, automatic input rectification, and a prototype implementation, SOAP. SOAP learns a set of constraints characterizing typical inputs that an application is highly likely to process correctly. When given an atypical input that does not satisfy these constraints, SOAP automatically rectifies the input (i.e., changes the input so that it satisfies the learned constraints). The goal is to automatically convert potentially dangerous inputs into typical inputs that the program is highly likely to process correctly. Our experimental results show that, for a set of benchmark applications (Google Picasa, ImageMagick, VLC, Swfdec, and Dillo), this approach effectively converts malicious inputs (which successfully exploit vulnerabilities in the application) into benign inputs that the application processes correctly. Moreover, a manual code analysis shows that, if an input does satisfy the learned constraints, it is incapable of exploiting these vulnerabilities. We also present the results of a user study designed to evaluate the subjective perceptual quality of outputs from benign but atypical inputs that have been automatically rectified by SOAP to conform to the learned constraints. Specifically, we obtained benign inputs that violate learned constraints, used our input rectifier to obtain rectified inputs, then paid Amazon Mechanical Turk users to provide their subjective qualitative perception of the difference between the outputs from the original and rectified inputs. The results indicate that rectification can often preserve much, and in many cases all, of the desirable data in the original input.

Date issued

2012-06

URI

http://hdl.handle.net/1721.1/90583

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

2012 34th International Conference on Software Engineering (ICSE)

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Citation

Long, Fan, Vijay Ganesh, Michael Carbin, Stelios Sidiroglou, and Martin Rinard. “Automatic Input Rectification.” 2012 34th International Conference on Software Engineering (ICSE) (June 2012). IEEE, p.80-90.

Version: Author's final manuscript

Other identifiers

INSPEC Accession Number: 12847757

ISBN

978-1-4673-1067-3

978-1-4673-1066-6

978-1-4673-1065-9

ISSN

0270-5257

Collections

MIT Open Access Articles

MIT Libraries homeDSpace@MIT