Life After Self-Healing: Assessing Post-Repair Program Behavior
One promising technique for defending software systems against vulnerabilities involves the use of self-healing. Such efforts, however, carry a great deal of risk because they largely bypass the cycle of human-driven patching and testing used to vet both vendor and internally developed patches. In particular, it is difficult to predict whether a repair will keep the behavior of the system consistent with "normal" behavior. Assuring that post-repair behavior does not deviate from normal behavior is a major challenge for which no satisfactory solutions exist. The authors investigate the feasibility of automatically measuring behavioral deviations in software that has undergone a self-healing repair.