Camouflage: Automated Sanitization of Field Data

Privacy and security concerns have adversely affected the usefulness of many types of techniques that leverage information gathered from deployed applications. To address this issue, we present a new approach for automatically sanitizing failure-inducing inputs. Given an input I that causes a failure f , our technique can generate a sanitized input I ′ that is different from I but still causes f . I ′ can then be sent to the developers to help them debug f , without revealing the possibly sensitive information contained in I. We implemented our approach in a prototype tool, camouflage, and performed an empirical evaluation. In the evaluation, we applied camouflage to a large set of failure-inducing inputs for several real applications. The results of the evaluation are promising; they show that camouflage is both practical and effective at generating sanitized inputs. In particular, for the inputs that we considered, I and I ′ shared no sensitive information.