Isolating Graphical Failure-Inducing Input for Privacy Protection in Error Reporting Systems

• Main Authors: Matos João, Garcia João, Coração Nuno
• Format: Article
• Language: English
• Published: Sciendo 2016-04-01
• Series: Proceedings on Privacy Enhancing Technologies
• Subjects: privacy; error reporting; fault-replication; software maintenance; combinatorial testing
• Online Access: https://doi.org/10.1515/popets-2016-0002

This work proposes a new privacy-enhancing system that minimizes the disclosure of information in error reports. Error reporting mechanisms are of the utmost importance to correct software bugs but, unfortunately, the transmission of an error report may reveal users’ private information. Some privacy-enhancing systems for error reporting have been presented in the past years, yet they rely on path condition analysis, which we show in this paper to be ineffective when it comes to graphical-based input. Knowing that numerous applications have graphical user interfaces (GUI), it is very important to overcome such limitation. This work describes a new privacy-enhancing error reporting system, based on a new input minimization algorithm called GUIᴍɪɴ that is geared towards GUI, to remove input that is unnecessary to reproduce the observed failure. Before deciding whether to submit the error report, the user is provided with a step-by-step graphical replay of the minimized input, to evaluate whether it still yields sensitive information. We also provide an open source implementation of the proposed system and evaluate it with well-known applications.