论文标题
使用数据驱动方法启用自动修复源代码漏洞
Enabling Automatic Repair of Source Code Vulnerabilities Using Data-Driven Methods
论文作者
论文摘要
世界各地的用户在日常活动中依靠软件密集型系统。这些系统定期包含错误和安全漏洞。为了促进错误修复,自动程序维修模型的数据驱动模型使用了许多错误和固定代码来学习解决代码中错误的转换。但是,安全漏洞的自动修复仍然不足。在这项工作中,我们提出了从三个角度改善漏洞维修代码表示的方法:输入数据类型,数据驱动模型和下游任务。这项工作的预期结果是改进了自动程序维修的代码表示,具体来说是修复安全漏洞。
Users around the world rely on software-intensive systems in their day-to-day activities. These systems regularly contain bugs and security vulnerabilities. To facilitate bug fixing, data-driven models of automatic program repair use pairs of buggy and fixed code to learn transformations that fix errors in code. However, automatic repair of security vulnerabilities remains under-explored. In this work, we propose ways to improve code representations for vulnerability repair from three perspectives: input data type, data-driven models, and downstream tasks. The expected results of this work are improved code representations for automatic program repair and, specifically, fixing security vulnerabilities.
