
Recurring Vulnerability Detection Guided by Taint Analysis

Advisor: 蕭旭君

Abstract

A recurring vulnerability is a vulnerability that is similar to a particular known vulnerability, and it is often caused by code reuse. Developers frequently copy open-source code to implement specific functionality. However, if that open-source code contains vulnerabilities, the reuse lets them persist in another form without the developers being aware of it. Researchers have developed powerful techniques to detect recurring vulnerabilities, but these techniques cannot achieve high accuracy, high scalability, and high vulnerability type coverage at the same time. Recently, Kang et al. introduced taint analysis into this field. Their approach improves accuracy and maintains high scalability but has low vulnerability type coverage. To make taint-analysis-based approaches support more vulnerability types, we propose a more general approach, OpSMatcher. OpSMatcher uses taint analysis to extract traces, then extracts the sequence of operators and function calls from those traces as signatures. To match vulnerabilities, OpSMatcher uses string-matching algorithms to compute the similarity between sequences and generates rules to filter patches. In our experiments, OpSMatcher supports 24 common vulnerability types and achieves 0.789 precision and 0.730 recall. In addition, OpSMatcher detects 5 unknown recurring vulnerabilities in Debian packages that were not found by previous work. This shows that OpSMatcher has high vulnerability type coverage and can detect recurring vulnerabilities effectively.
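The matching step the abstract describes can be illustrated with a small added example; this is not OpSMatcher's code. The token names, the use of Python's `difflib` as the string-matching algorithm, the 0.7 threshold and the patch-filter rule are all assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Constructed signatures: operators and calls along one taint trace (source -> sink).
VULN_SIG = ["call:recv", "=", "call:atoi", "*", "call:malloc", "call:memcpy"]
PATCHED_SIG = ["call:recv", "=", "call:atoi", ">", "if",
               "*", "call:malloc", "call:memcpy"]

# Constructed targets: a copied-and-renamed clone, and a clone with the fix applied.
CLONE = ["call:read", "=", "call:atoi", "*", "call:malloc", "call:memcpy"]
FIXED_CLONE = ["call:read", "=", "call:atoi", ">", "if",
               "*", "call:malloc", "call:memcpy"]


def similarity(a, b):
    """Similarity in [0, 1] between two token sequences (difflib ratio)."""
    return SequenceMatcher(None, a, b, autojunk=False).ratio()


def patch_tokens(vuln, patched):
    """Tokens the patch added to the vulnerable signature, in order."""
    sm = SequenceMatcher(None, vuln, patched, autojunk=False)
    added = []
    for tag, _i1, _i2, j1, j2 in sm.get_opcodes():
        if tag in ("insert", "replace"):
            added.extend(patched[j1:j2])
    return added


def is_recurring(target, vuln=VULN_SIG, patched=PATCHED_SIG, threshold=0.7):
    """Flag target if it resembles the vulnerable trace and lacks the patch."""
    if similarity(target, vuln) < threshold:
        return False  # not similar enough to the known vulnerability
    added = patch_tokens(vuln, patched)
    remaining = iter(target)
    # Assumed filter rule: the target counts as patched when the tokens the
    # patch introduced appear in it as an ordered subsequence.
    has_patch = bool(added) and all(tok in remaining for tok in added)
    return not has_patch


if __name__ == "__main__":
    for name, trace in (("clone", CLONE), ("fixed clone", FIXED_CLONE)):
        print(name, round(similarity(trace, VULN_SIG), 3), is_recurring(trace))
```

The fixed clone still scores above the threshold against the vulnerable signature, which is why a patch filter is needed in addition to the similarity score.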
