A scalable approach for vulnerability discovery based on security patches

Hongzhe Li, Hyuckmin Kwon, Jonghoon Kwon, Heejo Lee

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

Software vulnerabilities have long been considered an important threat to system safety. A vulnerability often gets reproduced due to frequent code reuse by programmers. Security patches are often not propagated to all code clones; however, they could be leveraged to discover unknown vulnerabilities. Static auditing approaches are frequently proposed to scan code for security flaws; unfortunately, they often generate too many false positives. While dynamic execution analysis can precisely report vulnerabilities, it is ineffective in path exploration, which limits its ability to scale to large programs. In this paper, we propose a scalable approach to discover vulnerabilities in real-world programs based on released security patches. We use a fast and scalable syntax-based method to find code clones, and then we verify the code clones using concolic testing to dramatically decrease the false positives. Besides, we mitigate the path explosion problem by backward data tracing in concolic execution. We conducted experiments with real-world open source projects (Linux Ubuntu OS distributions and program packages) and reported 7 real vulnerabilities out of 63 code clones found in Ubuntu 14.04 LTS. Going one step further, we confirmed more code clone vulnerabilities in various versions of programs including Apache and Rsyslog. Meanwhile, we also tested the effectiveness of vulnerability verification with test cases from the Juliet Test Suite. The result showed that our verification method achieved 98% accuracy with 0 false positives.

Original language: English
Pages (from-to): 109-122
Number of pages: 14
Journal: Communications in Computer and Information Science
Volume: 490
DOIs: 10.1007/978-3-662-45670-5
Publication status: Published - 2014 Jan 1

Fingerprint

Security systems
Dynamic analysis
Explosions
Defects
Testing
Experiments
Linux

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

A scalable approach for vulnerability discovery based on security patches. / Li, Hongzhe; Kwon, Hyuckmin; Kwon, Jonghoon; Lee, Heejo.

In: Communications in Computer and Information Science, Vol. 490, 01.01.2014, p. 109-122.

Research output: Contribution to journal › Article

@article{f6ae48209077405facb7bfe3b0b0203b,
title = "A scalable approach for vulnerability discovery based on security patches",
abstract = "Software vulnerability has long been considered an important threat to the system safety. A vulnerability often gets reproduced due to the frequent code reuse by programmers. Security patches are often not propagated to all code clones, however they could be leveraged to discover unknown vulnerabilities. Static auditing approaches are frequently proposed to scan code for security flaws, unfortunately, they often generate too many false positives. While dynamic execution analysis can precisely report vulnerabilities, they are in effective in path exploration which limits them to scale to large programs. In this paper, we propose a scalable approach to discover vulnerabilities in real world programs based on released security patches. We use a fast and scalable syntax-based way to find code clones and then, we verify the code clones using concolic testing to dramatically decrease the false positives. Besides, we mitigate the path explosion problem by backward data tracing in concolic execution. We conducted experiments with real world open source projects (Linux Ubuntu OS distributions and program packages) and we reported 7 real vulnerabilities out of 63 code clones found in Ubuntu 14.04 LTS. In one step further, we have confirmed more code clone vulnerabilities in various versions of programs including Apache and Rsyslog. Meanwhile, we also tested the effectiveness of vulnerability verification with test cases from Juliet Test Suite. The result showed that our verification method achieved 98{\%} accuracy with 0 false positives.",
author = "Hongzhe Li and Hyuckmin Kwon and Jonghoon Kwon and Heejo Lee",
year = "2014",
month = "1",
day = "1",
doi = "10.1007/978-3-662-45670-5",
language = "English",
volume = "490",
pages = "109--122",
journal = "Communications in Computer and Information Science",
issn = "1865-0929",
publisher = "Springer Verlag",

}

TY  - JOUR
T1  - A scalable approach for vulnerability discovery based on security patches
AU  - Li, Hongzhe
AU  - Kwon, Hyuckmin
AU  - Kwon, Jonghoon
AU  - Lee, Heejo
PY  - 2014/1/1
Y1  - 2014/1/1
N2  - Software vulnerability has long been considered an important threat to the system safety. A vulnerability often gets reproduced due to the frequent code reuse by programmers. Security patches are often not propagated to all code clones, however they could be leveraged to discover unknown vulnerabilities. Static auditing approaches are frequently proposed to scan code for security flaws, unfortunately, they often generate too many false positives. While dynamic execution analysis can precisely report vulnerabilities, they are in effective in path exploration which limits them to scale to large programs. In this paper, we propose a scalable approach to discover vulnerabilities in real world programs based on released security patches. We use a fast and scalable syntax-based way to find code clones and then, we verify the code clones using concolic testing to dramatically decrease the false positives. Besides, we mitigate the path explosion problem by backward data tracing in concolic execution. We conducted experiments with real world open source projects (Linux Ubuntu OS distributions and program packages) and we reported 7 real vulnerabilities out of 63 code clones found in Ubuntu 14.04 LTS. In one step further, we have confirmed more code clone vulnerabilities in various versions of programs including Apache and Rsyslog. Meanwhile, we also tested the effectiveness of vulnerability verification with test cases from Juliet Test Suite. The result showed that our verification method achieved 98% accuracy with 0 false positives.
AB  - Software vulnerability has long been considered an important threat to the system safety. A vulnerability often gets reproduced due to the frequent code reuse by programmers. Security patches are often not propagated to all code clones, however they could be leveraged to discover unknown vulnerabilities. Static auditing approaches are frequently proposed to scan code for security flaws, unfortunately, they often generate too many false positives. While dynamic execution analysis can precisely report vulnerabilities, they are in effective in path exploration which limits them to scale to large programs. In this paper, we propose a scalable approach to discover vulnerabilities in real world programs based on released security patches. We use a fast and scalable syntax-based way to find code clones and then, we verify the code clones using concolic testing to dramatically decrease the false positives. Besides, we mitigate the path explosion problem by backward data tracing in concolic execution. We conducted experiments with real world open source projects (Linux Ubuntu OS distributions and program packages) and we reported 7 real vulnerabilities out of 63 code clones found in Ubuntu 14.04 LTS. In one step further, we have confirmed more code clone vulnerabilities in various versions of programs including Apache and Rsyslog. Meanwhile, we also tested the effectiveness of vulnerability verification with test cases from Juliet Test Suite. The result showed that our verification method achieved 98% accuracy with 0 false positives.
UR  - http://www.scopus.com/inward/record.url?scp=84911877884&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=84911877884&partnerID=8YFLogxK
U2  - 10.1007/978-3-662-45670-5
DO  - 10.1007/978-3-662-45670-5
M3  - Article
AN  - SCOPUS:84911877884
VL  - 490
SP  - 109
EP  - 122
JO  - Communications in Computer and Information Science
JF  - Communications in Computer and Information Science
SN  - 1865-0929
ER  -