QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection

Hajin Jang, Kyeongseok Yang, Geonwoo Lee, Yoonjong Na, Jeremy D. Seideman, Shoufu Luo, Heejo Lee, Sven Dietrich

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Due to code reuse among software packages, vulnerabilities can propagate from one software package to another. Current code clone detection techniques are useful for preventing and managing such vulnerability propagation. When the source code for a software package is not available, such as when working with proprietary or custom software distributions, binary code clone detection can be used to examine software for flaws. However, existing binary code clone detectors have scalability issues, or are limited in their accurate detection of vulnerable code clones. In this paper, we introduce QuickBCC, a scalable binary code clone detection framework designed for vulnerability scanning. The framework was built on the idea of extracting semantics from vulnerable binaries both before and after security patches, and comparing them to target binaries. In order to improve performance, we created a signature based on the changes between the pre- and post-patched binaries, and implemented a filtering process when comparing the signatures to the target binaries. In addition, we leverage the smallest semantic unit, a strand, to improve accuracy and robustness against compile environments. QuickBCC is highly optimized, capable of preprocessing 5,439 target binaries within 111 min, and is able to match those binaries against 6 signatures in 23 s when running as a multi-threaded application. QuickBCC takes, on average, 3 ms to match one target binary. Compared with other approaches, we found that it outperformed them in terms of performance when detecting well-known vulnerabilities, with an acceptable level of accuracy.

Original language: English
Title of host publication: ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings
Editors: Audun Jøsang, Lynn Futcher, Janne Hagen
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 66-82
Number of pages: 17
ISBN (Print): 9783030781194
Publication status: Published - 2021
Event: 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021 - Virtual, Online
Duration: 2021 Jun 22 → 2021 Jun 24

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 625
ISSN (Print): 1868-4238
ISSN (Electronic): 1868-422X

Conference

Conference: 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021
City: Virtual, Online
Period: 21/6/22 → 21/6/24

Keywords

  • Binary code clone
  • Patch signature
  • Security vulnerability
  • Static analysis

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management
