Approach of Leveraging Patches to Discover Unknown Vulnerabilities
(一种利用补丁的未知漏洞发现方法)

Authors: Li Zan, Bian Pan, Shi Wenchang, Liang Bin

About the authors: Li Zan (b. 1993), female, from Tianjin, master's student; research area: software security analysis. Shi Wenchang (b. 1964), male, Ph.D., professor, doctoral supervisor, CCF Distinguished Member; research areas: system security, digital forensics, foundational software. Bian Pan (b. 1987), male, Ph.D. student; research area: static program analysis. Liang Bin (b. 1973), male, Ph.D., professor, doctoral supervisor, CCF Professional Member; research areas: security analysis of software systems, security mechanisms of system software, information security attack and defense.

Corresponding author: Liang Bin, E-mail: liangb@ruc.edu.cn

Funding: National Natural Science Foundation of China (91418206, 61472429)

Abstract:

In recent years, using a function with a known vulnerability as the query and searching a code base for similar implementations has proven to be an effective way to detect unknown vulnerabilities. However, a vulnerable function usually also contains statements that have nothing to do with the vulnerability of interest. These statements distort the similarity computation and cause both false positives and false negatives. This paper presents an approach that uses the vulnerability's patch to improve the precision of such retrieval-based detection. Guided by the patch, program slicing removes the vulnerability-irrelevant statements from the original vulnerable function; a denoised feature vector is then generated from the resulting slice and used to search the code base for potential unknown vulnerabilities. The approach has been applied to several real-world code bases. Experimental results show that it effectively reduces the interference of irrelevant statements and improves detection precision. Three previously unknown vulnerabilities were detected and have been confirmed.
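The abstract describes the pipeline but not its mechanics, so the following added example (not the paper's own implementation or code) walks through it end to end on a constructed sample. The assumptions are these: the slicing criterion is taken from the patch hunk (the inserted lines plus the first unchanged context line after them, i.e. the statement the new check guards); the slice is a line-level backward data-dependence slice, far cruder than what a real slicer on a program representation would produce; the feature vector is a bag of identifier tokens compared by cosine similarity, a stand-in for whatever feature the paper actually uses. The vulnerable function body, its patch and the two candidate functions (`parse_chunk`, `hash_frame`) are all constructed for this example. The point it makes is the one the abstract claims: with the whole function as the query, the candidate that merely shares the unrelated checksum loop outranks the one that repeats the unchecked copy; after the patch-guided slice removes that noise, the ranking flips.

```python
"""Patch-guided slicing of a vulnerable function before similarity search.
Added toy example; sample function, patch and candidates are constructed."""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[A-Za-z_]\w*(?:->[A-Za-z_]\w*)*")  # identifier or field chain c->cap
STRING = re.compile(r'"(?:\\.|[^"\\])*"')               # literal contents are blanked
ASSIGN = re.compile(r"(?<![=<>!])=(?!=)")               # '=' that is not ==, <=, >=, !=
KEYWORDS = {"if", "else", "for", "while", "return", "int", "char", "const", "void"}


def tokens(line):
    return TOKEN.findall(STRING.sub('""', line))


def defs_uses(line):
    """Approximate def/use sets of one C statement (data dependence only)."""
    m = ASSIGN.search(line)
    if not m:
        return set(), set(tokens(line)) - KEYWORDS
    lhs, rhs = line[:m.start()], line[m.end():]
    defs, uses = set(tokens(lhs)) - KEYWORDS, set(tokens(rhs)) - KEYWORDS
    op = lhs.rstrip()[-1:]
    if op and op in "+-*/%|&^":  # compound assignment (sum += x) also reads the lhs
        uses |= defs
    return defs, uses


def slicing_criterion(body, patch):
    """(anchor index, variables) from a unified-diff hunk: the anchor is the
    first context line after the inserted lines, i.e. the statement they guard."""
    added, anchor = [], None
    for raw in patch.splitlines():
        if raw.startswith(("@@", "+++", "---")):
            continue
        if raw.startswith("+"):
            added.append(raw[1:].strip())
            anchor = None
        elif raw.startswith(" ") and added and anchor is None:
            anchor = raw[1:].strip()
    if anchor is None:
        raise ValueError("hunk has no context line after the inserted lines")
    idx = [l.strip() for l in body].index(anchor)
    variables = set().union(*(set(tokens(l)) - KEYWORDS for l in added + [anchor]))
    return idx, variables


def backward_slice(body, idx, variables):
    """Line-level backward data-flow slice; over-approximates (no control
    dependence, redefinitions are not killed)."""
    needed, keep = set(variables), {idx}
    for i in range(idx - 1, -1, -1):
        defs, uses = defs_uses(body[i])
        if defs & needed:
            keep.add(i)
            needed |= uses
    return [body[i] for i in sorted(keep)]


def feature_vector(lines):  # bag of tokens; stand-in for the paper's feature vector
    return Counter(t for line in lines for t in tokens(line))


def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def rank(signature, candidates):
    """Candidates by cosine similarity to the signature, best first."""
    sig = feature_vector(signature)
    return sorted(((round(cosine(sig, feature_vector(b)), 3), n) for n, b in candidates.items()),
                  reverse=True)


def search(vuln_body, patch, candidates):
    idx, variables = slicing_criterion(vuln_body, patch)
    sliced = backward_slice(vuln_body, idx, variables)
    return {"slice": sliced, "full": rank(vuln_body, candidates), "denoised": rank(sliced, candidates)}


# Constructed vulnerable body: memcpy trusts a length read from the input;
# the checksum loop and label copy are noise unrelated to the bug.
VULN_BODY = ["int i, n, sum = 0;", "char name[64];", 'log_debug("decode start");',
             "n = read_count(buf);", "for (i = 0; i < size; i++)", "    sum += buf[i];",
             "c->checksum = sum;", "memcpy(c->data, buf, n);", "copy_label(name, c->label);",
             "return 0;"]
PATCH = """\
@@ -8,4 +8,6 @@
     c->checksum = sum;
+    if (n > c->cap)
+        return -1;
     memcpy(c->data, buf, n);
     copy_label(name, c->label);
"""  # constructed fix: bound n before the copy
CANDIDATES = {  # constructed code base
    "parse_chunk": ["int n, ret;", "n = read_count(buf);", "memcpy(c->data, buf, n);",
                    "ret = finish(c);", "return ret;"],  # repeats the unchecked copy
    "hash_frame": ["int i, sum = 0;", "char name[64];", 'log_debug("hash start");',
                   "for (i = 0; i < size; i++)", "    sum += buf[i];", "c->checksum = sum;",
                   "copy_label(name, c->label);", "return 0;"],  # shares only the noise
}

if __name__ == "__main__":
    r = search(VULN_BODY, PATCH, CANDIDATES)
    print("slice:", r["slice"])
    print("whole function:", r["full"], "\npatch-guided:", r["denoised"])
```

Running it, the slice keeps only the declaration, `n = read_count(buf);` and the `memcpy`; `hash_frame` scores about 0.88 against the whole function but 0.36 against the slice, while `parse_chunk` moves from 0.45 to 0.72 and becomes the top hit. The over-approximation in `backward_slice` is deliberate for a detection signature: keeping an extra statement costs a little precision, dropping a relevant one can hide the very dependence that makes the clone vulnerable.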

Cite this article:

Li Zan, Bian Pan, Shi Wenchang, Liang Bin. Approach of Leveraging Patches to Discover Unknown Vulnerabilities (一种利用补丁的未知漏洞发现方法). Journal of Software (软件学报), 2018, 29(5): 1199-1212.
History:
  • Received: 2017-07-02
  • Revised: 2017-12-13
  • Published online: 2018-05-06
Copyright: Institute of Software, Chinese Academy of Sciences