Issue No. 01 - January (2008 vol. 34)
We present an algorithm by which mutually distrusting parties can work together to learn program specifications while preserving their privacy. These specifications describe security policies and correct API usage rules. By sharing data, parties are able to discover more specifications, and thus find more software bugs, than if they never share data. However, because sharing data breaches privacy, we present a way for parties to perturb and publish data and yet still discover more specifications and bugs than if they had never shared data. In aggregate, these perturbed traces can be analyzed to learn correct specifications of program behavior. The perturbed traces cannot, however, be analyzed to determine that one party contributed buggier traces than another party. The learned specifications are of benefit to all parties. Despite the noise introduced to safeguard privacy, our algorithm typically learns specifications that find 85% of the bugs that a no-privacy approach would find. A lack of traces is a critical obstacle to practical specification mining; we present an approach for privately sharing traces to gain a large public and private benefit.
F.3.1.f Specification techniques, D.2.19 Software Quality/SQA, I.2.6 Learning, K.4.1.f Privacy
N. Mishra and W. Weimer, "Privately Finding Specifications," in IEEE Transactions on Software Engineering, vol. 34, no. , pp. 21-32, 2007.