A Novel Debugging Technique Based on Lightweight Crash Report Considering Security

Abstract

Crashes can occur due to code defects while using released software. This is mainly caused by various errors ranging from simple errors to unhandled exceptions. When a crash occurs, a crash report is generated and transmitted to the developer to debug the code. Debugging for tracing and correcting them is a very important task in terms of improving the dependability of the software. The problem is that the crash report contains too much information. So that it is difficult to focus on the core information related to the crash. To make matters worse, in the security-critical situation, such as the case of the defense-related sites to which this paper is targeted, important exception information of client for debugging is not properly provided. In this paper, to solve the above problem, we propose a novel technique to automatically generate high-quality lightweight crash report with high security by collecting exception and memory information useful for error tracing without violating user's personal information in the execution environment. Furthermore, we propose a precise error tracing technique by linking the crash report with the source code of the development environment. To validate the proposed technique, we applied it to prominent open source projects, such as security, registry, and so on using the MS Windows platform. And we compared the results with WinDbg, the most powerful tool available for the same purpose. As a result, our proposed technique improves security by excluding five critical information that threatens security while maintaining error tracing accuracy of existing research. In addition, the amount of information needed for error tracing is reduced by 72%, making it easier for developers to resolve errors. Finally, the automation of crash report generation and error tracing improves error tracing efficiency by reducing the time required for error analysis by 78%.