Automatic input rectification

• dc.contributor.author: Long, Fan
• dc.contributor.author: Ganesh, Vijay
• dc.contributor.author: Carbin, Michael James
• dc.contributor.author: Sidiroglou, Stelios
• dc.contributor.author: Rinard, Martin
• dc.date.issued: 2012-06
• dc.identifier.isbn: 978-1-4673-1067-3
• dc.identifier.isbn: 978-1-4673-1066-6
• dc.identifier.isbn: 978-1-4673-1065-9
• dc.identifier.issn: 0270-5257
• dc.identifier.other: INSPEC Accession Number: 12847757
• dc.identifier.uri: http://hdl.handle.net/1721.1/90583
• dc.description.abstract: We present a novel technique, automatic input rectification, and a prototype implementation, SOAP. SOAP learns a set of constraints characterizing typical inputs that an application is highly likely to process correctly. When given an atypical input that does not satisfy these constraints, SOAP automatically rectifies the input (i.e., changes the input so that it satisfies the learned constraints). The goal is to automatically convert potentially dangerous inputs into typical inputs that the program is highly likely to process correctly. Our experimental results show that, for a set of benchmark applications (Google Picasa, ImageMagick, VLC, Swfdec, and Dillo), this approach effectively converts malicious inputs (which successfully exploit vulnerabilities in the application) into benign inputs that the application processes correctly. Moreover, a manual code analysis shows that, if an input does satisfy the learned constraints, it is incapable of exploiting these vulnerabilities. We also present the results of a user study designed to evaluate the subjective perceptual quality of outputs from benign but atypical inputs that have been automatically rectified by SOAP to conform to the learned constraints. Specifically, we obtained benign inputs that violate learned constraints, used our input rectifier to obtain rectified inputs, then paid Amazon Mechanical Turk users to provide their subjective qualitative perception of the difference between the outputs from the original and rectified inputs. The results indicate that rectification can often preserve much, and in many cases all, of the desirable data in the original input.
• dc.description.sponsorship: National Science Foundation (U.S.) (Grant CCF-0811397)
• dc.description.sponsorship: National Science Foundation (U.S.) (Grant CCF-0905244)
• dc.description.sponsorship: National Science Foundation (U.S.) (Grant CCF-1036241)
• dc.description.sponsorship: National Science Foundation (U.S.) (Grant IIS-0835652)
• dc.description.sponsorship: United States. Dept. of Energy (DOE grant DE-SC0005288)
• dc.description.sponsorship: United States. Defense Advanced Research Projects Agency (DARPA Grant FA8650-11-C- 7192)
• dc.description.sponsorship: United States. Defense Advanced Research Projects Agency (DARPA Grant FA8750-12-2-0110)
• dc.language.iso: en_US
• dc.publisher: Institute of Electrical and Electronics Engineers (IEEE)
• dc.relation.isversionof: http://dx.doi.org/10.1109/ICSE.2012.6227204
• dc.source: MIT web domain
• dc.type: Article
• dc.identifier.citation: Long, Fan, Vijay Ganesh, Michael Carbin, Stelios Sidiroglou, and Martin Rinard. “Automatic Input Rectification.” 2012 34th International Conference on Software Engineering (ICSE) (June 2012). IEEE, p.80-90.
• dc.contributor.department: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.contributor.mitauthor: Long, Fan
• dc.contributor.mitauthor: Ganesh, Vijay
• dc.contributor.mitauthor: Carbin, Michael James
• dc.contributor.mitauthor: Sidiroglou, Stelios
• dc.contributor.mitauthor: Rinard, Martin
• dc.relation.journal: 2012 34th International Conference on Software Engineering (ICSE)
• dc.eprint.version: Author's final manuscript
• dc.identifier.orcid: https://orcid.org/0000-0001-8095-8523