Please use this identifier to cite or link to this item: https://scholarbank.nus.edu.sg/handle/10635/236277
Title: SOFTWARE VULNERABILITY REPAIR
Authors: RIDWAN SALIHIN SHARIFFDEEN
ORCID iD: orcid.org/0000-0001-5409-4864
Keywords: automated program repair, patch transplantation, patch backporting, trust in program repair, vulnerability repair, concolic program repair
Issue Date: 25-May-2022
Citation: RIDWAN SALIHIN SHARIFFDEEN (2022-05-25). SOFTWARE VULNERABILITY REPAIR. ScholarBank@NUS Repository.
Abstract: This thesis introduces a series of cohesive techniques tightly coupled towards the goal of generating security patches for identified software security vulnerabilities. First, we study the impeding challenges in trusted program repair, specifically addressing the trustworthiness of auto-generated patches. Considering the insights gained from our study, we propose "compilation-free program repair" to improve the efficiency of program repair. Third, we propose a novel program repair technique, "concolic program repair", that integrates a user-provided program specification to guide program repair to find the correct patch while efficiently navigating a large search space. In doing so, we also provide additional guarantees for the correctness of the generated patches by generating additional test cases. Fourth, inspired by program synthesis techniques, we propose a novel transformation rule synthesis algorithm that can produce properly generalized transformation rules to automatically backport trusted patches to older versions of the same software. Last, we propose a code transplantation technique to repair semantically equivalent programs that exhibit potential for a similar variant of the identified vulnerability.
URI: https://scholarbank.nus.edu.sg/handle/10635/236277
Appears in Collections: Ph.D Theses (Open)

Files in This Item:
File: ShariffdeenRS.pdf
Size: 1.96 MB
Format: Adobe PDF
Access Settings: OPEN
Version: None

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.