Camouflage: Automated Sanitization of Field Data

Date Added: Dec 2009
Format: PDF

In this paper, the authors presented a novel technique for sanitizing inputs that cause failures. Given a failure-inducing input, the technique identifies an input set that includes this input together with other inputs that induce the same failure and selects an input different from the initial one from this set. To do this, the technique leverages a specialized version of symbolic execution and various optimizations that aim to increase the size of the failure-revealing input set (so as to increase the effectiveness of the sanitization). They also presented camouflage, a prototype implementation of the approach for Java programs, and an empirical evaluation of camouflage on 170 failure-inducing inputs for several real applications.