Maestro: a platform for benchmarking automatic program repair tools on software vulnerabilities

Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2022-07-18 DOI:10.1145/3533767.3543291

Eduard Pinconschi, Quang-Cuong Bui, Rui Abreu, P. Adão, R. Scandariato

{"title":"Maestro: a platform for benchmarking automatic program repair tools on software vulnerabilities","authors":"Eduard Pinconschi, Quang-Cuong Bui, Rui Abreu, P. Adão, R. Scandariato","doi":"10.1145/3533767.3543291","DOIUrl":null,"url":null,"abstract":"Automating the repair of vulnerabilities is emerging in the field of software security. Previous efforts have leveraged Automated Program Repair (APR) for the task. Reproducible pipelines of repair tools on vulnerability benchmarks can promote advances in the field, such as new repair techniques. We propose Maestro, a decentralized platform with RESTful APIs for performing automated software vulnerability repair. Our platform connects benchmarks of vulnerabilities with APR tools for performing controlled experiments. It also promotes fair comparisons among different APR tools. We compare the performance of Maestro with previous studies on four APR tools in finding repairs for ten projects. Our execution time results indicate an overhead of 23 seconds for projects in C and a reduction of 14 seconds for Java projects. We introduce an agnostic platform for vulnerability repair with preliminary tools/datasets for both C and Java. Maestro is modular and can accommodate tools, benchmarks, and repair workflows with dedicated plugins.","PeriodicalId":412271,"journal":{"name":"Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3533767.3543291","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Automating the repair of vulnerabilities is emerging in the field of software security. Previous efforts have leveraged Automated Program Repair (APR) for the task. Reproducible pipelines of repair tools on vulnerability benchmarks can promote advances in the field, such as new repair techniques. We propose Maestro, a decentralized platform with RESTful APIs for performing automated software vulnerability repair. Our platform connects benchmarks of vulnerabilities with APR tools for performing controlled experiments. It also promotes fair comparisons among different APR tools. We compare the performance of Maestro with previous studies on four APR tools in finding repairs for ten projects. Our execution time results indicate an overhead of 23 seconds for projects in C and a reduction of 14 seconds for Java projects. We introduce an agnostic platform for vulnerability repair with preliminary tools/datasets for both C and Java. Maestro is modular and can accommodate tools, benchmarks, and repair workflows with dedicated plugins.

查看原文本刊更多论文

Maestro:针对软件漏洞对自动程序修复工具进行基准测试的平台

在软件安全领域，漏洞的自动修复正在兴起。以前的工作利用了自动程序修复(APR)来完成任务。基于漏洞基准的可再生修复工具管道可以促进该领域的进步，例如新的修复技术。我们提出Maestro，这是一个分散的平台，具有RESTful api，用于执行自动软件漏洞修复。我们的平台将漏洞基准与APR工具连接起来，用于执行受控实验。它还促进了不同APR工具之间的公平比较。我们将Maestro的性能与先前对四个APR工具在十个项目中寻找修复的研究进行了比较。我们的执行时间结果表明，C语言项目的开销为23秒，Java项目的开销为14秒。我们为C和Java引入了一个不可知的漏洞修复平台，并提供了初步的工具/数据集。Maestro是模块化的，可以容纳工具，基准测试和修复工作流程与专用插件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

自引率

0.00%

发文量