Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Security in Computing and Communication

SSCC 2016: Security in Computing and Communications pp 390–402Cite as

Discovering Vulnerable Functions: A Code Similarity Based Approach

  • Conference paper
  • First Online:

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 625))

Abstract

This paper extends recent work on vulnerability extrapolation. A surge in vulnerability exploits against old and new softwares, urges the importance of detection of vulnerabilities and possible attacks prior to the attacker. How sophisticated an exploit may be, an underlying prerequisite remains to be the presence of at least one memory corruption bug, serving as entry point for the exploit. Therefore several rigorous software testing techniques are borrowed to detect and eliminate software bugs as early as possible. Code similarity based bug detection is one of such techniques, which, in the parlance of software security, is also termed as vulnerability extrapolation. In this paper, we present a source code similarity based bug identification technique by considering code features that are relevant for security related bugs. Our technique works by enriching (augmenting) abstract syntax trees (ASTs) of functions by considering security relevant properties of the code. We show the effectiveness of the augmented AST based similarity approach over existing methods by evaluating proposed method on real-world applications.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. cppcheck. http://cppcheck.sourceforge.net/

  2. Flawfinder. http://www.dwheeler.com/flawfinder/, d. A. Wheeler

  3. Pscan: a limited problem scanner for c source files. http://deployingradius.com/pscan, a. Dekok

  4. Deerwester, S., Dumais, S.T., Furnas, G.W., Landauer, T.K., Harshman, R.: Indexing by latent semantic analysis. J. Am. Soc. Inf. Sci. 41(6), 391 (1990)

    Article  Google Scholar 

  5. Ducasse, S., Rieger, M., Demeyer, S.: A language independent approach for detecting duplicated code. In: IEEE International Conference on Software Maintenance 1999 (ICSM 1999) Proceedings, pp. 109–118. IEEE (1999)

    Google Scholar 

  6. Evans, D., Larochelle, D.: Improving security using extensible lightweight static analysis. IEEE Softw. 19(1), 42–51 (2002)

    Article  Google Scholar 

  7. Heelan, S.: Vulnerability detection systems: think cyborg, not robot. IEEE Secur. Priv. 9(3), 74–77 (2011)

    Article  Google Scholar 

  8. Kapser, C., Godfrey, M.W.: Toward a taxonomy of clones in source code: a case study. In: Proceedings of the Conference on Evolution of Large Scale Industrial Software Architectures (ELISA 2003), pp. 67–78 (2003)

    Google Scholar 

  9. Kontogiannis, K.A., Demori, R., Merlo, E., Galler, M., Bernstein, M.: Pattern matching for clone and concept detection. In: Reverse Engineering, pp. 77–108. Springer (1996)

    Google Scholar 

  10. Li, Z., Lu, S., Myagmar, S., Zhou, Y.: CP-Miner: finding copy-paste and related bugs in large-scale software code. IEEE Trans. Softw. Eng. 32(3), 176–192 (2006)

    Article  Google Scholar 

  11. Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: NDSS. IEEE (2005)

    Google Scholar 

  12. Ransbotham, S.: An empirical analysis of exploitation attempts based on vulnerabilities in open source software. In: WEIS (2010)

    Google Scholar 

  13. Rawat, S., Mounier, L.: Finding buffer overflow inducing loops in binary executables. In: 2012 IEEE Sixth International Conference on Software Security and Reliability (SERE), pp. 177–186. IEEE CSP (2012)

    Google Scholar 

  14. Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: 2010 IEEE symposium on Security and Privacy (SP), pp. 317–331. IEEE (2010)

    Google Scholar 

  15. Sutton, M., Greene, A., Amini, P.: Fuzzing: Brute Force Vulnerability Discovery. Pearson Education, Upper Saddle River (2007)

    Google Scholar 

  16. Viega, J., Bloch, J.T., Kohno, Y., McGraw, G.: ITS4: a static vulnerability scanner for C and C++ code. In: 16th Annual Conference on Computer Security Applications, 2000 (ACSAC 2000), pp. 257–267. IEEE (2000)

    Google Scholar 

  17. Williams, C.C., Hollingsworth, J.K.: Automatic mining of source code repositories to improve bug finding techniques. IEEE Trans. Softw. Eng. 31(6), 466–480 (2005)

    Article  Google Scholar 

  18. Yamaguchi, F., Lindner, F., Rieck, K.: Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning. In: Proceedings of the 5th USENIX Conference on Offensive Technologies, p. 13. USENIX Association (2011)

    Google Scholar 

  19. Yamaguchi, F., Lottmann, M., Rieck, K.: Generalized vulnerability extrapolation using abstract syntax trees. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 359–368. ACM (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. International Institute of Information Technology, Hyderabad, India

    Aditya Chandran, Lokesh Jain, Sanjay Rawat & Kannan Srinathan

Authors
  1. Aditya Chandran
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lokesh Jain
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sanjay Rawat
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kannan Srinathan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lokesh Jain .

Editor information

Editors and Affiliations

  1. IBM ZURICH RESEARCH LABORATORY, IBM ZURICH RESEARCH LABORATORY, RUESCHLIKON, Switzerland

    Peter Mueller

  2. Technology and Management, Indian Institute of Information Technology and Management, Kerala, India

    Sabu M. Thampi

  3. Temple University, New York, New York, USA

    Md Zakirul Alam Bhuiyan

  4. Computer Science, University of Waikato Computer Science, Hamilton, New Zealand

    Ryan Ko

  5. Deakin University , Burwood, Victoria, Australia

    Robin Doss

  6. University of the West of Scotland , Paisley, Glasgow, United Kingdom

    Jose M. Alcaraz Calero

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Chandran, A., Jain, L., Rawat, S., Srinathan, K. (2016). Discovering Vulnerable Functions: A Code Similarity Based Approach. In: Mueller, P., Thampi, S., Alam Bhuiyan, M., Ko, R., Doss, R., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2016. Communications in Computer and Information Science, vol 625. Springer, Singapore. https://doi.org/10.1007/978-981-10-2738-3_34

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-2738-3_34

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-2737-6

  • Online ISBN: 978-981-10-2738-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation