基於污點分析引導的復現漏洞偵測

楊昌明; Chang-Ming Yang

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88436

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	蕭旭君	zh_TW
dc.contributor.advisor	Hsu-Chun Hsiao	en
dc.contributor.author	楊昌明	zh_TW
dc.contributor.author	Chang-Ming Yang	en
dc.date.accessioned	2023-08-15T16:17:44Z	-
dc.date.available	2023-11-09	-
dc.date.copyright	2023-08-15	-
dc.date.issued	2023	-
dc.date.submitted	2023-07-28	-
dc.identifier.citation	Common vulnerabilities and exposures, 2023. Open source security and risk analysis report, 2023. P. E. Black and P. E. Black. Juliet 1.3 test suite: Changes from 1.2. US Department of Commerce, National Institute of Standards and Technology, 2018. C. Calcagno and D. Distefano. Infer: An automatic program verifier for memory safety of c programs. In M. Bobaru, K. Havelund, G. J. Holzmann, and R. Joshi, editors, NASA Formal Methods, pages 459–465, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg. Y. David, N. Partush, and E. Yahav. Firmup: Precise static detection of common vulnerabilities in firmware. In Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS ’18, page 392–404, New York, NY, USA, 2018. Association for Computing Machinery. S. Eschweiler, K. Yakdan, E. Gerhards-Padilla, et al. discovre: Efficient crossarchitecture identification of bugs in binary code. In Ndss, volume 52, pages 58–79, 2016. H. Jang, K. Yang, G. Lee, Y. Na, J. D. Seideman, S. Luo, H. Lee, and S. Dietrich. Quickbcc: Quick and scalable binary vulnerable code clone detection. In ICT Systems Security and Privacy Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings, pages 66–82. Springer, 2021. W. Kang, B. Son, and K. Heo. Tracer: Signature-based static analysis for detecting recurring vulnerabilities. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS ’22, page 1695–1708, New York, NY, USA, 2022. Association for Computing Machinery. S. Kim, S. Woo, H. Lee, and H. Oh. Vuddy: A scalable approach for vulnerable code clone discovery. In 2017 IEEE Symposium on Security and Privacy (SP), pages 595– 614, May 2017. Z. Li, D. Zou, S. Xu, H. Jin, H. Qi, and J. Hu. Vulpecker: An automated vulnerability detection system based on code similarity analysis. In Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC ’16, page 201– 213, New York, NY, USA, 2016. Association for Computing Machinery. J. Pewny, B. Garmany, R. Gawlik, C. Rossow, and T. Holz. Cross-architecture bug search in binary executables. In 2015 IEEE Symposium on Security and Privacy, pages 709–724, May 2015. J. Pewny, F. Schuster, L. Bernhard, T. Holz, and C. Rossow. Leveraging semantic signatures for bug search in binary programs. In Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC ’14, page 406–415, New York, NY, USA, 2014. Association for Computing Machinery. N. H. Pham, T. T. Nguyen, H. A. Nguyen, and T. N. Nguyen. Detection of recurring software vulnerabilities. In Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering, ASE ’10, page 447–456, New York, NY, USA, 2010. Association for Computing Machinery. J. W. Ratcliff and D. E. Metzener. Pattern-matching-the gestalt approach. Dr Dobbs Journal, 13(7):46, 1988. Y. Xiao, B. Chen, C. Yu, Z. Xu, Z. Yuan, F. Li, B. Liu, Y. Liu, W. Huo, W. Zou, and W. Shi. MVP: Detecting vulnerabilities using Patch-Enhanced vulnerability signatures. In 29th USENIX Security Symposium (USENIX Security 20), pages 1165–1182. USENIX Association, Aug. 2020. Y. Xiao, Z. Xu, W. Zhang, C. Yu, L. Liu, W. Zou, Z. Yuan, Y. Liu, A. Piao, and W. Huo. Viva: Binary level vulnerability identification via partial signature. In 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pages 213–224, March 2021. F. Yamaguchi, N. Golde, D. Arp, and K. Rieck. Modeling and discovering vulnerabilities with code property graphs. In 2014 IEEE Symposium on Security and Privacy, pages 590–604, May 2014.	-
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88436	-
dc.description.abstract	復現漏洞是一種與特定已知漏洞相似的漏洞，它通常是由程式碼重複使用所造成的。開發人員經常複製開源的程式碼來實現特定的功能。然而，假如開源的程式碼含有漏洞的話，則這種程式碼重複使用的行為會使這些漏洞在開發人員無察覺的情況下以另一種形式存在。為了偵測復現漏洞，研究人員致力於開發一些強大的技術。然而，他們往往無法同時實現高準確性、高擴展性和高漏洞類型覆蓋率。近期，Kang 等人將污點分析引入了這個領域，他們不僅提高了準確性也維持高擴展性，但漏洞類型覆蓋率較低。為了使基於汙點分析的方法能支援更多的漏洞類型，我們提出了一種更通用的方法 OpSMatcher。OpSMatcher 使用汙點分析的技術來提取蹤跡。然後，OpSMatcher 從蹤跡中提取運算符和函數調用序列作為特徵。為了匹配漏洞，OpSMatcher 利用字串匹配演算法去計算序列之間的相似性並生成過濾補丁的規則。在我們的實驗中，OpSMatcher 支援 24 種常見的漏洞類型，並且獲得了 0.789 的準確率和 0.730 的召回率。此外，OpSMatcher 還在 Debian 軟體包偵測到了 5 個之前的研究未曾發現的未知復現漏洞。這表明 OpSMatcher 具有較高的漏洞類型覆蓋率並能有效地偵測復現漏洞。	zh_TW
dc.description.abstract	Recurring vulnerability is a kind of vulnerability that is similar to a particular known vulnerability. It is often caused by code reuse. Developers usually copy open-source codes to implement their specific functionality. However, if open-source codes contain vulnerabilities, the behavior of code reuse will make them exist in another form without awareness. To detect recurring vulnerabilities, researchers have dedicated themselves to coming up with some powerful techniques. Nevertheless, they can't achieve high accuracy, high scalability, and high vulnerability type coverage at the same time. Recently, Kang et al. introduced taint analysis into this field. They improve accuracy and maintain high scalability but have a low vulnerability type coverage. To make taint analysis-based approaches support more vulnerability types, we propose a more general approach OpSMatcher. OpSMatcher uses taint analysis techniques to extract traces. Then, OpSMatcher extracts the sequence of operators and function calls from traces as signatures. To match vulnerabilities, OpSMatcher leverages string-matching algorithms to compute the similarity between sequences and make rules to filter patches. In our experiments, OpSMatcher supports 24 kinds of common vulnerabilities and gets 0.789 precision and 0.730 recall. In addition, OpSMatcher also detects 5 unknown recurring vulnerabilities that are never found by previous works in Debian packages. It shows that OpSMatcher has a high vulnerability type coverage and can detect recurring vulnerabilities effectively.	en
dc.description.provenance	Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-08-15T16:17:44Z No. of bitstreams: 0	en
dc.description.provenance	Made available in DSpace on 2023-08-15T16:17:44Z (GMT). No. of bitstreams: 0	en
dc.description.tableofcontents	摘要 i Abstract iii Contents v List of Figures vii List of Tables ix Chapter 1 Introduction 1 Chapter 2 Background 5 2.1 Related Work 5 2.2 Motivation 8 Chapter 3 Design 11 3.1 Known Vulnerability Processing 12 3.2 Target Code Processing 13 3.3 Signature Matching 13 Chapter 4 Implementation 15 4.1 Trace Extraction 15 4.2 Feature Extraction 16 4.3 Similarity Computation 16 4.4 Patch Filtering 18 Chapter 5 Evaluation 21 5.1 Setup 21 5.1.1 Research Questions 21 5.1.2 Dataset 21 5.1.3 Evaluation Metric 22 5.1.4 Configuration 23 5.2 RQ1: Effectiveness 23 5.3 RQ2: Comparison 26 Chapter 6 Discussion 31 Chapter 7 Conclusion 33 References 35	-
dc.language.iso	en	-
dc.subject	污點分析	zh_TW
dc.subject	復現漏洞	zh_TW
dc.subject	字串比對	zh_TW
dc.subject	Recurring Vulnerability Detection	en
dc.subject	String Matching	en
dc.subject	Taint Analysis	en
dc.title	基於污點分析引導的復現漏洞偵測	zh_TW
dc.title	Recurring Vulnerability Detection Guided by Taint Analysis	en
dc.type	Thesis	-
dc.date.schoolyear	111-2	-
dc.description.degree	碩士	-
dc.contributor.oralexamcommittee	黃俊穎;黃世昆	zh_TW
dc.contributor.oralexamcommittee	Chun-Ying Huang;Shih-Kun Huang	en
dc.subject.keyword	復現漏洞,污點分析,字串比對,	zh_TW
dc.subject.keyword	Recurring Vulnerability Detection,Taint Analysis,String Matching,	en
dc.relation.page	37	-
dc.identifier.doi	10.6342/NTU202301882	-
dc.rights.note	未授權	-
dc.date.accepted	2023-08-01	-
dc.contributor.author-college	電機資訊學院	-
dc.contributor.author-dept	資訊工程學系	-
顯示於系所單位：	資訊工程學系

文件中的檔案：

檔案	大小	格式
ntu-111-2.pdf 未授權公開取用	1.43 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。