Abstract
Software vulnerability has long been considered an important threat to the system safety. A vulnerability often gets reproduced due to the frequent code reuse by programmers. Security patches are often not propagated to all code clones, however they could be leveraged to discover unknown vulnerabilities. Static auditing approaches are frequently proposed to scan code for security flaws, unfortunately, they often generate too many false positives. While dynamic execution analysis can precisely report vulnerabilities, they are in effective in path exploration which limits them to scale to large programs. In this paper, we propose a scalable approach to discover vulnerabilities in real world programs based on released security patches. We use a fast and scalable syntax-based way to find code clones and then, we verify the code clones using concolic testing to dramatically decrease the false positives. Besides, we mitigate the path explosion problem by backward data tracing in concolic execution. We conducted experiments with real world open source projects (Linux Ubuntu OS distributions and program packages) and we reported 7 real vulnerabilities out of 63 code clones found in Ubuntu 14.04 LTS. In one step further, we have confirmed more code clone vulnerabilities in various versions of programs including Apache and Rsyslog. Meanwhile, we also tested the effectiveness of vulnerability verification with test cases from Juliet Test Suite. The result showed that our verification method achieved 98% accuracy with 0 false positives.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Sen, K., Marinov, D., Agha, G.: Cute: a concolic unit testing engine for C. In: ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 263–272 (2005)
Haugh, E., Bishop, M.: Testing c programs for buffer overflow vulnerabilities. In: Network and Distributed System Security Symposium, pp. 123–130 (2003)
Jang, J., Agrawal, A., Brumley, D.: ReDeBug: finding unpatched code clones in entire os distributions. In: IEEE Symposium on Security and Privacy, pp. 48–62 (2012)
Ma, K.-K., Yit Phang, K., Foster, J.S., Hicks, M.: Directed symbolic execution. In: Yahav, E. (ed.) Static Analysis. LNCS, vol. 6887, pp. 95–111. Springer, Heidelberg (2011)
Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. In: ACM Sigplan Conf. on Programming Language Design and Implementation (2005)
Wheeler, D.: Flawfinder (2011), http://www.dwheeler.com/flawfinder
Evans, D.: Splint, http://www.splint.org
Kim, M., Kim, Y., Jang, Y.: Industrial application of concolic testing on embedded software: Case studies. In: IEEE Int’l Conf. on Software Testing, Verification and Validation, pp. 390–399 (2012)
Gabel, M., Yang, J., Yu, Y., Goldszmidt, M., Su, Z.: Scalable and systematic detection of buggy inconsistencies in source code. In: ACM Int’l Conf. on Object Oriented Programming Systems Languages and Applications (2010)
Jiang, L., Misherghi, G., Su, Z., Glondu, S.: Deckard: Scalable and accurate tree-based detection of code clones. In: Int’l Conf. on Software Engineering, pp. 96–105 (2007)
Cadar, C., Dunbar, D., Engler, D.: Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: USENIX Symp. on Operating Systems Design and Implementation, vol. 8, pp. 209–224 (2008)
Zhang, D., Liu, D., Lei, Y., Kung, D., Csallner, C., Wang, W.: Detecting vulnerabilities in c programs using trace-based testing. In: IEEE/IFIP Int’l Conf. on Dependable Systems and Networks, pp. 241–250 (2010)
Broder, A., Mitzenmacher, M.: Network applications of bloom filters: A survey. Internet Mathematics 1(4), 485–509 (2004)
Li, H., Kim, T., Bat-Erdene, M., Lee, H.: Software vulnerability detection using backward trace analysis and symbolic execution. In: Int’l Conf. on Availability, Reliability and Security, pp. 446–454 (2013)
Vulnerabilities, C.: Exposures cve., http://cve.mitre.org
Yamaguchi, F., Wressnegger, C., Gascon, H., Rieck, K.: Chucky: exposing missing checks in source code for vulnerability discovery. In: ACM SIGSAC Conference on Computer & Communications Security, pp. 499–510 (2013)
Burnim, J., Sen, K.: Heuristics for scalable dynamic test generation. In: IEEE/ACM Int’l Conf. on Automated Software Engineering, pp. 443–446 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, H., Kwon, H., Kwon, J., Lee, H. (2014). A Scalable Approach for Vulnerability Discovery Based on Security Patches. In: Batten, L., Li, G., Niu, W., Warren, M. (eds) Applications and Techniques in Information Security. ATIS 2014. Communications in Computer and Information Science, vol 490. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45670-5_11
Download citation
DOI: https://doi.org/10.1007/978-3-662-45670-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45669-9
Online ISBN: 978-3-662-45670-5
eBook Packages: Computer ScienceComputer Science (R0)