Name
Abstract | ||
|---|---|---|
Harm to the privacy of users through data leakage is not an unknown issue, however, it has not been studied in the context of the crash reporting system. Automatic Crash Reporting Systems (ACRS) are used by applications to report information about the errors happening during a software failure. Although crash reports are valuable to diagnose errors, they may contain usersu0027 sensitive information. In this paper, we study such a privacy leakage vis-a-vis browsersu0027 crash reporting systems. As a case study, we mine a dataset consisting of crash reports collected over the period of six years. Our analysis shows the presence of more than 20,000 sessions and token IDs, 600 passwords, 9,000 email addresses, an enormous amount of contact information, and other sensitive data. Our analysis sheds light on an important security and privacy issue in the current state-of-the-art browser crash reporting systems. Further, we propose a hotfix to enhance usersu0027 privacy and security in ACRS by removing sensitive data from the crash report prior to submit the report to the server. Our proposed hotfix can be easily integrated into the current implementation of ACRS and has no impact on the process of fixing bugs while maintaining the reportsu0027 readability. |
Year | Venue | Field |
|---|---|---|
2018 | arXiv: Cryptography and Security | Crash,Web browser,Computer security,Computer science,Software failure,Readability,Password,Hotfix,Information sensitivity,Security token |
DocType | Volume | Citations |
Journal | abs/1808.01718 | 0 |
PageRank | References | Authors |
0.34 | 0 | 2 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Kiavash Satvat | 1 | 13 | 2.00 |
| Nitesh Saxena | 2 | 1204 | 82.45 |