Privacy in Software Error Reporting

What is it about?

In this work we introduce RESPA (Recursive Shortest Pathbased Anonymizer), a system for generating failure-reproducing, yet anonymized, error reports. RESPA relies on symbolic execution, executed at client side, in order to identify alternative failure-inducing paths in the program’s execution graph, and derive the logical conditions, called path conditions, that define the set of user inputs reproducing these executions. Anonymized failure-inducing inputs are then synthesized using any (random) solution satisfying the path conditions. The search for alternative failure-inducing executions is based on an innovative algorithm that exploits three key ideas: i) RESPA relies on binary search to determine, in an efficient way, which portions of the original execution should be preserved in the alternative one; ii) in order to identify alternative execution paths with low information leakage, RESPA explores the execution graph by leveraging on the Djikstra’s shortest path algorithm with information leakage as the distance metric; iii) RESPA ensures provable non-reversibility of the alternative inputs it produces via a recursive technique that anonymizes the alternative inputs found after running the algorithm.

Featured Image

Why is it important?

Error reporting systems are valuable mechanisms for enhancing software reliability. Unfortunately, though, conventional error reporting systems are prone to leaking sensitive user information, raising strong privacy concerns.