{"id":"https://openalex.org/W4387736698","doi":"https://doi.org/10.1007/s10515-023-00398-6","title":"DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring","display_name":"DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring","publication_year":2023,"publication_date":"2023-10-18","ids":{"openalex":"https://openalex.org/W4387736698","doi":"https://doi.org/10.1007/s10515-023-00398-6"},"language":"en","primary_location":{"id":"doi:10.1007/s10515-023-00398-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10515-023-00398-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10515-023-00398-6.pdf","source":{"id":"https://openalex.org/S4210177399","display_name":"Automated Software Engineering","issn_l":"0928-8910","issn":["0928-8910","1573-7535"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Automated Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10515-023-00398-6.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104027276","display_name":"Rui Lima","orcid":null},"institutions":[{"id":"https://openalex.org/I4210154254","display_name":"Instituto Superior de Tecnologias Avan\u00e7adas","ror":"https://ror.org/04hzbg791","country_code":"PT","type":"education","lineage":["https://openalex.org/I4210154254"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Rui Lima","raw_affiliation_strings":["INESC-ID, Lisbon, Portugal","IST, University of Lisbon, Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"INESC-ID, Lisbon, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"IST, University of Lisbon, Lisbon, Portugal","institution_ids":["https://openalex.org/I4210154254","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012075571","display_name":"Jo\u00e3o F. Ferreira","orcid":"https://orcid.org/0000-0002-6612-9013"},"institutions":[{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]},{"id":"https://openalex.org/I4210154254","display_name":"Instituto Superior de Tecnologias Avan\u00e7adas","ror":"https://ror.org/04hzbg791","country_code":"PT","type":"education","lineage":["https://openalex.org/I4210154254"]},{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Jo\u00e3o F. Ferreira","raw_affiliation_strings":["INESC-ID, Lisbon, Portugal","IST, University of Lisbon, Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"INESC-ID, Lisbon, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"IST, University of Lisbon, Lisbon, Portugal","institution_ids":["https://openalex.org/I4210154254","https://openalex.org/I141596103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101599601","display_name":"Alexandra Mendes","orcid":"https://orcid.org/0000-0001-8060-5920"},"institutions":[{"id":"https://openalex.org/I4210166615","display_name":"INESC TEC","ror":"https://ror.org/05fa8ka61","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I4210125590","https://openalex.org/I4210166615"]},{"id":"https://openalex.org/I182534213","display_name":"Universidade do Porto","ror":"https://ror.org/043pwc612","country_code":"PT","type":"education","lineage":["https://openalex.org/I182534213"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Alexandra Mendes","raw_affiliation_strings":["Faculty of Engineering, University of Porto, Porto, Portugal","HASLab/INESC TEC, Porto, Portugal"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, University of Porto, Porto, Portugal","institution_ids":["https://openalex.org/I182534213"]},{"raw_affiliation_string":"HASLab/INESC TEC, Porto, Portugal","institution_ids":["https://openalex.org/I4210166615"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008198053","display_name":"Carolina Carreira","orcid":"https://orcid.org/0000-0002-4526-6510"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I4210154254","display_name":"Instituto Superior de Tecnologias Avan\u00e7adas","ror":"https://ror.org/04hzbg791","country_code":"PT","type":"education","lineage":["https://openalex.org/I4210154254"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Carolina Carreira","raw_affiliation_strings":["INESC-ID, Lisbon, Portugal","IST, University of Lisbon, Lisbon, Portugal"],"affiliations":[{"raw_affiliation_string":"INESC-ID, Lisbon, Portugal","institution_ids":["https://openalex.org/I121345201"]},{"raw_affiliation_string":"IST, University of Lisbon, Lisbon, Portugal","institution_ids":["https://openalex.org/I4210154254","https://openalex.org/I141596103"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5104027276"],"corresponding_institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103","https://openalex.org/I4210154254"],"apc_list":{"value":2290,"currency":"EUR","value_usd":2890},"apc_paid":{"value":2290,"currency":"EUR","value_usd":2890},"fwci":0.3457,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.66635195,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":"31","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7948439121246338},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.787061333656311},{"id":"https://openalex.org/keywords/code-refactoring","display_name":"Code refactoring","score":0.7864654064178467},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6774216890335083},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6518528461456299},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5430099964141846},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4922603666782379},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.48876428604125977},{"id":"https://openalex.org/keywords/channel","display_name":"Channel (broadcasting)","score":0.4880293905735016},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.4570704698562622},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.41703173518180847},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3739941716194153},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.16562354564666748},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.13588884472846985},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.10438710451126099},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.08641788363456726},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.07434976100921631}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7948439121246338},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.787061333656311},{"id":"https://openalex.org/C152752567","wikidata":"https://www.wikidata.org/wiki/Q116877","display_name":"Code refactoring","level":3,"score":0.7864654064178467},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6774216890335083},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6518528461456299},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5430099964141846},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4922603666782379},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.48876428604125977},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.4880293905735016},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.4570704698562622},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.41703173518180847},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3739941716194153},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.16562354564666748},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.13588884472846985},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.10438710451126099},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.08641788363456726},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.07434976100921631},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10515-023-00398-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10515-023-00398-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10515-023-00398-6.pdf","source":{"id":"https://openalex.org/S4210177399","display_name":"Automated Software Engineering","issn_l":"0928-8910","issn":["0928-8910","1573-7535"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Automated Software Engineering","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10515-023-00398-6","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10515-023-00398-6","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10515-023-00398-6.pdf","source":{"id":"https://openalex.org/S4210177399","display_name":"Automated Software Engineering","issn_l":"0928-8910","issn":["0928-8910","1573-7535"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Automated Software Engineering","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2441341484","display_name":null,"funder_award_id":"UIDB/50021/2020","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"},{"id":"https://openalex.org/G2582522631","display_name":null,"funder_award_id":"Funda\u00e7\u00e3o para a Ci\u00eancia e Tecnologia","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"},{"id":"https://openalex.org/G3272457656","display_name":null,"funder_award_id":"UIDB/","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"},{"id":"https://openalex.org/G4232680118","display_name":null,"funder_award_id":"CMU/TIC/0006/2019","funder_id":"https://openalex.org/F4320334779","funder_display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia"}],"funders":[{"id":"https://openalex.org/F4320319180","display_name":"Carnegie Mellon Portugal","ror":null},{"id":"https://openalex.org/F4320323424","display_name":"Universidade de Lisboa","ror":"https://ror.org/01c27hj86"},{"id":"https://openalex.org/F4320334779","display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","ror":"https://ror.org/00snfqn58"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4387736698.pdf"},"referenced_works_count":34,"referenced_works":["https://openalex.org/W104553443","https://openalex.org/W174941419","https://openalex.org/W1481364363","https://openalex.org/W1558671776","https://openalex.org/W1962482270","https://openalex.org/W1977764760","https://openalex.org/W2107691219","https://openalex.org/W2113157806","https://openalex.org/W2122786779","https://openalex.org/W2126071695","https://openalex.org/W2145373440","https://openalex.org/W2166789068","https://openalex.org/W2344973853","https://openalex.org/W2373227884","https://openalex.org/W2605202003","https://openalex.org/W2765944901","https://openalex.org/W2766853874","https://openalex.org/W2924629359","https://openalex.org/W2963047853","https://openalex.org/W2963804422","https://openalex.org/W2998011150","https://openalex.org/W3043761819","https://openalex.org/W3160155705","https://openalex.org/W3205940821","https://openalex.org/W3213134179","https://openalex.org/W4207058373","https://openalex.org/W4226085831","https://openalex.org/W4237254037","https://openalex.org/W4244452926","https://openalex.org/W4248431727","https://openalex.org/W4255632703","https://openalex.org/W4288614128","https://openalex.org/W4312747527","https://openalex.org/W6600459194"],"related_works":["https://openalex.org/W194942058","https://openalex.org/W2991900792","https://openalex.org/W2088986462","https://openalex.org/W1985388819","https://openalex.org/W2292865721","https://openalex.org/W4319165526","https://openalex.org/W2469491375","https://openalex.org/W4387007323","https://openalex.org/W2394062615","https://openalex.org/W2990618290"],"abstract_inverted_index":{"Abstract":[0],"Vulnerability":[1],"detection":[2,42],"and":[3,8,26,32,57,105,158],"repair":[4,33,90,110],"is":[5,36,52,78,107],"a":[6,37,47,86,145,165],"demanding":[7],"expensive":[9],"part":[10],"of":[11,43,49,72,91,112,144],"the":[12,113,123,142,153],"software":[13],"development":[14],"process.":[15],"As":[16],"such,":[17],"there":[18],"has":[19],"been":[20],"an":[21],"effort":[22],"to":[23,29,55,109],"develop":[24],"new":[25],"better":[27],"ways":[28],"automatically":[30,73,126],"detect":[31,56],"vulnerabilities.":[34],"DifFuzz":[35,104],"state-of-the-art":[38],"tool":[39,87,99,124],"for":[40,88,169],"automatic":[41,89],"timing":[44,75,92,128],"side-channel":[45,76,93,129],"vulnerabilities,":[46,130],"type":[48],"vulnerability":[50],"that":[51,122,136,149,159],"particularly":[53],"difficult":[54],"correct.":[58],"Despite":[59],"recent":[60],"progress":[61],"made":[62],"with":[63,103,134],"tools":[64,70],"such":[65,164],"as":[66],"DifFuzz,":[67],"work":[68],"on":[69],"capable":[71],"repairing":[74],"vulnerabilities":[77,94,114],"scarce.":[79],"In":[80,140],"this":[81],"paper,":[82],"we":[83],"propose":[84],"DifFuzzAR,":[85],"in":[95,101,116,163,167],"Java":[96],"code.":[97,172],"The":[98,119],"works":[100],"conjunction":[102],"it":[106],"able":[108],"56%":[111],"identified":[115],"DifFuzz\u2019s":[117],"dataset.":[118],"results":[120,143],"show":[121,148],"can":[125],"correct":[127],"being":[131],"more":[132,170],"effective":[133],"those":[135],"are":[137],"control-flow":[138],"based.":[139],"addition,":[141],"user":[146],"study":[147],"users":[150],"generally":[151],"trust":[152],"refactorings":[154],"produced":[155],"by":[156],"DifFuzzAR":[157],"they":[160],"see":[161],"value":[162],"tool,":[166],"particular":[168],"critical":[171]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}