Automated Repair of OpenID Connect Programs (Extended Version)

Kavli Affiliate: Feng Yuan

Authors: Tamjid Al Rahat

Summary:

OpenID Connect has revolutionized online authentication based on single
sign-on (SSO) by providing a secure and convenient method for accessing
multiple services with a single set of credentials. Despite its widespread
adoption, critical security bugs in OpenID Connect have resulted in significant
financial losses and security breaches, highlighting the need for robust
mitigation strategies. Automated program repair presents a promising solution
for generating candidate patches for OpenID implementations. However,
challenges such as domain-specific complexities and the necessity for precise
fault localization and patch verification must be addressed. We propose
AuthFix, a counterexample-guided repair engine leveraging LLMs for automated
OpenID bug fixing. AuthFix integrates three key components: fault localization,
patch synthesis, and patch verification. By employing a novel Petri-net-based
model checker, AuthFix ensures the correctness of patches by effectively
modeling interactions. Our evaluation on a dataset of OpenID bugs demonstrates
that AuthFix successfully generated correct patches for 17 out of 23 bugs
(74%), with a high proportion of patches semantically equivalent to
developer-written fixes.
