{"633007":{"#nid":"633007","#data":{"type":"news","title":"Georgia Tech Researchers Develop New Tool to Preserve Crash Report Privacy","body":[{"value":"\u003Cp\u003EWhen a user opts to send a crash report following a program failure, the report could share personal information including usernames, passwords, and other confidential details.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThis is why Georgia Tech researchers created a new tool called Desensitization that generates crash reports that preserve the original error \u0026mdash; whether a bug or attack \u0026mdash; without exposing privacy. The method is also smaller than half of all crash reports, taking less than 15 seconds to process and significantly saving resources for both users and developers.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;Crash dumps can have a severe outcome, including sensitive information leaking from end users, bad publicity, and financial liability for developers if a data breach happens,\u0026rdquo; said School of Computer Science Ph.D. student \u003Ca href=\u0022https:\/\/www.cc.gatech.edu\/grads\/r\/rding30\/\u0022\u003E\u003Cstrong\u003ERen Ding\u003C\/strong\u003E\u003C\/a\u003E. \u0026ldquo;We came up with the idea to desensitize crashes while keeping necessary attack payloads before sharing it to the developers.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDesensitization is effective at removing more than 80 percent of potential sensitive data from Linux crash reports and nearly 50 percent of Windows crash reports.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EThe problem with crash reports\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003ECrash reports usually include a coredump file that contains the central processing unit context and memory of the program, or the program inputs that made it crash. Both can include sensitive data, from session tokens to personal contact information.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EPrevious techniques to remove this type of data weren\u0026rsquo;t effective. Relying on developers to hand-annotate the data is time consuming and error prone. Another method that uses a pattern-based search to identify private data, such as email addresses, doesn\u0026rsquo;t work on program-specific data. The biggest issue with both methods is how much computation they require.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EHow Desensitization works\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIn contrast, Desensitization first runs on the user side to decouple general information and crash evidence from personal data. The order is strategic, according to Ding. End users may not have as much computation power as developers, so debugging and analysis isn\u0026rsquo;t efficient at the source.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIt\u0026rsquo;s imperative to minimize necessary resources such as time and memory, making the program \u0026ldquo;lightweight.\u0026rdquo; The goal, said Ding, is to extract enough general information so developers can conduct the crash diagnostics on their end. Once the tool extracts the attack information from the user, it\u0026rsquo;s sent to the server for more thorough analysis.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe researchers\u0026rsquo; method is bug and attack oriented to ensure the tool only focuses on relevant data. With this in mind, they designed one general and four lightweight techniques.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe general technique scans the memory to identify all pointers, a programming language object that stores memory and where most attacks reside. The four other techniques either identify specific information or customize existing techniques in prominent bugs and attacks.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;Our security model relies on the security guarantee of previous detection methods,\u0026rdquo; Ding said. \u0026ldquo;That\u0026rsquo;s why we try to make the current framework customizable by adopting the module design so that it can support more in the future.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe module design of Desensitization makes the tool easy to apply to future technique and works on existing crash report analysis formats.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe solution is available to developers via \u003Ca href=\u0022https:\/\/github.com\/sslab-gatech\/desensitization\u0022\u003EGithub\u003C\/a\u003E.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDing will present the research at the \u003Ca href=\u0022https:\/\/www.ndss-symposium.org\/\u0022\u003ENetwork and Distributed System Security Symposium (NDSS)\u003C\/a\u003E in San Diego running from Feb. 23 through 26. He co-wrote the paper, \u003Ca href=\u0022https:\/\/www.ndss-symposium.org\/ndss-paper\/desensitization-privacy-aware-and-attack-preserving-crash-report\/\u0022\u003E\u003Cem\u003EDesensitization: Privacy-Aware and Attack-Preserving Crash Reports\u003C\/em\u003E\u003C\/a\u003E, with fellow SCS Ph.D. students \u003Ca href=\u0022https:\/\/www.cc.gatech.edu\/~hhu86\/\u0022\u003E\u003Cstrong\u003EHong Hu\u003C\/strong\u003E\u003C\/a\u003E and \u003Ca href=\u0022https:\/\/gts3.org\/~wen\/\u0022\u003E\u003Cstrong\u003EWen Xu\u003C\/strong\u003E\u003C\/a\u003E and Associate Professor \u003Ca href=\u0022https:\/\/taesoo.kim\/\u0022\u003E\u003Cstrong\u003ETaesoo Kim\u003C\/strong\u003E\u003C\/a\u003E.\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"This is why Georgia Tech researchers created a new tool called Desensitization that generates crash reports that preserve the original error \u2014 whether a bug or attack \u2014 without exposing privacy."}],"uid":"34541","created_gmt":"2020-02-26 21:51:33","changed_gmt":"2020-02-26 21:59:08","author":"Tess Malone","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2020-02-26T00:00:00-05:00","iso_date":"2020-02-26T00:00:00-05:00","tz":"America\/New_York"},"extras":[],"hg_media":{"633008":{"id":"633008","type":"image","title":"Crash report","body":null,"created":"1582754158","gmt_created":"2020-02-26 21:55:58","changed":"1582754158","gmt_changed":"2020-02-26 21:55:58","alt":"Crash report","file":{"fid":"240861","name":"2865993206_73272da380.jpg","image_path":"\/sites\/default\/files\/images\/2865993206_73272da380.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/2865993206_73272da380.jpg","mime":"image\/jpeg","size":43872,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/2865993206_73272da380.jpg?itok=HpLllG5Q"}}},"media_ids":["633008"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"50875","name":"School of Computer Science"}],"categories":[],"keywords":[],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ETess Malone, Communications Officer\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022mailto:tess.malone@cc.gatech.edu\u0022\u003Etess.malone@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}