vuddy a scalable approach for
play

VUDDY: A Scalable Approach for Vulnerable Code Clone Detection - PowerPoint PPT Presentation

Aug 15, 2022 •104 likes •618 views

IEEE S&P 2017 VUDDY: A Scalable Approach for Vulnerable Code Clone Detection Seulbae Kim , Seunghoon Woo, Heejo Lee, and Hakjoo Oh Korea University May 23, 2017 Question Number of unpatched vulnerabilities in smartphone firmwares

  1. IEEE S&P 2017 VUDDY: A Scalable Approach for Vulnerable Code Clone Detection Seulbae Kim , Seunghoon Woo, Heejo Lee, and Hakjoo Oh Korea University May 23, 2017

  2. Question • Number of unpatched vulnerabilities in smartphone firmware’s source code? 200+ unpatched vulnerable code clones detected! Computer & Communication Security Lab., Korea University 1

  3. Motivation • Number of open source software is increasing Computer & Communication Security Lab., Korea University 2

  4. Motivation • Code clones – reused code fragments • Major cause of vulnerability propagation CVE-2016-5195 Computer & Communication Security Lab., Korea University 3

  5. Problem: Scalable & Accurate Vulnerable Code Clone Discovery Computer & Communication Security Lab., Korea University 4

  6. Scalable & Accurate Vulnerable Code Clone discovery • Scalability Software systems are getting bigger Linux kernel – 25.4 MLoC accuracy “L” Smart TV – 35 MLoC scalability Computer & Communication Security Lab., Korea University 5

  7. Scalable & Accurate Vulnerable Code Clone discovery • Accuracy scalability FP == increased time and efforts accuracy Computer & Communication Security Lab., Korea University 6

  8. Scalable & Accurate Vulnerable Code Clone discovery • Previous approaches accuracy Line-level Token-level matching matching Jang et al., Kamiya et al., Graph/tree ReDeBug (S&P’12) CCFinder (TSE’02) matching Bag-of-tokens Jiang et al ., (ICSE’07) matching Sasaki et al., Sajnani et al., FCFinder (MSR’10) SourcererCC (ICSE’16) File-level matching scalability Computer & Communication Security Lab., Korea University 7

  9. Scalable & Accurate Vulnerable Code Clone discovery • Goal accuracy ? Line-level Token-level matching matching Jang et al., Kamiya et al., Graph/tree ReDeBug (S&P’12) CCFinder (TSE’02) matching Bag-of-tokens Jiang et al ., (ICSE’07) matching Sasaki et al., Sajnani et al., FCFinder (MSR’10) SourcererCC (ICSE’16) File-level matching scalability Computer & Communication Security Lab., Korea University 8

  10. Proposed Method: VUDDY Computer & Communication Security Lab., Korea University 9

  11. Demonstration of VUDDY Computer & Communication Security Lab., Korea University 10

  12. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY Computer & Communication Security Lab., Korea University 11

  13. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY • Searches for vulnerable code clones Computer & Communication Security Lab., Korea University 12

  14. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY • Searches for vulnerable code clones • Scales beyond 1 BLoC target Computer & Communication Security Lab., Korea University 13

  15. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY • Searches for vulnerable code clones • Scales beyond 1 BLoC target • Detects both known & unknown vulnerability Computer & Communication Security Lab., Korea University 14

  16. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY • Searches for vulnerable code clones • Scales beyond 1 BLoC target • Detects both known & unknown vulnerability • Low false positive rate Computer & Communication Security Lab., Korea University 15

  17. Proposed method: VUDDY • Overview fingerprinting dictionary vulnerable functions fingerprint dictionary comparison vulnerable of vulnerable functions code clones fingerprinting A Program a target program fingerprint dictionary of target functions Computer & Communication Security Lab., Korea University 16

  18. Collecting vulnerable code • Vulnerability patching Old code New code CVE patch (vulnerable) (fixed) Computer & Communication Security Lab., Korea University 17

  19. Collecting vulnerable code • Reconstructing vulnerability from security patch Old code Software repository CVE patch (vulnerable) Computer & Communication Security Lab., Korea University 18

  20. Fingerprinting a program A Program Computer & Communication Security Lab., Korea University 19

  21. Fingerprinting a program 1. Retrieve all functions from a program int sum (int a, int b) { return a + b; } void increment() { int num = 80; A Program num++; // no return } void printer (char* src) { printf(“%s”, src); } Computer & Communication Security Lab., Korea University 20

  22. Fingerprinting a program 2. Apply abstraction and normalization to functions int sum (int a, int b) { returnfparam+fparam; return a + b; } void increment() { int num = 80; dtypelvar=80;lvar++; A Program num++; // no return } void printer (char* src) { funccall (“%s”, fparam); printf (“%s”, src); } Computer & Communication Security Lab., Korea University 21

  23. Fingerprinting a program 3. Compute length and hash value int sum (int a, int b) length : 20 { returnfparam+fparam; return a + b; hash val: C94D9910… } void increment() { length : 20 int num = 80; dtypelvar=80;lvar++; A Program hash val: D6E77882… num++; // no return } void printer (char* src) length : 23 { funccall (“%s”, fparam); printf (“%s”, src); hash val: 9A45E4A1… } Computer & Communication Security Lab., Korea University 22

  24. Fingerprinting a program 4. Store in a dictionary length : 20 hash val: C94D9910… “Fingerprint dictionary” 20: [C94D9910, D6E77882] length : 20 A Program hash val: D6E77882… 23: [9A45E4A1] length : 23 hash val: 9A45E4A1… Computer & Communication Security Lab., Korea University 23

  25. Abstraction • Transform function by replacing • Formal parameters Level 0: No abstraction • Data types 1 void avg (float arr [], int len ) { 2 static float sum = 0; • Local variables 3 unsigned int i; 4 • Function names 5 for (i = 0; i < len ; i++) { 6 sum += arr [i]; 7 } 8 9 printf (“%f %d \ n”, sum/ len , validate (sum)); 10 } Computer & Communication Security Lab., Korea University 24

  26. Abstraction • Transform function by replacing • Formal parameters Level 1: Formal parameter abstraction 1 void avg (float FPARAM [], int FPARAM ) { • Data types 2 static float sum = 0; • Local variables 3 unsigned int i; 4 • Function names 5 for (i = 0; i < FPARAM ; i++) { 6 sum += FPARAM [i]; 7 } 8 9 printf (“%f %d \ n”, sum/ FPARAM , validate (sum)); 10 } Computer & Communication Security Lab., Korea University 25

  27. Abstraction • Transform function by replacing • Formal parameters Level 2: Local variable name abstraction 1 void avg (float FPARAM[], int FPARAM) { • Data types 2 static float LVAR = 0; • Local variables 3 unsigned int LVAR ; 4 • Function names 5 for ( LVAR = 0; LVAR < FPARAM; LVAR ++) { 6 LVAR += FPARAM[ LVAR ]; 7 } 8 9 printf (“%f %d \ n”, LVAR /FPARAM, validate ( LVAR )); 10 } Computer & Communication Security Lab., Korea University 26

  28. Abstraction • Transform function by replacing • Formal parameters Level 3: Data type abstraction 1 DTYPE avg ( DTYPE FPARAM[], DTYPE FPARAM) { • Data types 2 DTYPE LVAR = 0; • Local variables 3 unsigned DTYPE LVAR; 4 • Function names 5 for (LVAR = 0; LVAR < FPARAM; LVAR ++) { 6 LVAR += FPARAM[LVAR]; 7 } 8 9 printf (“%f %d \ n”, LVAR/FPARAM, validate (LVAR)); 10 } Computer & Communication Security Lab., Korea University 27

  29. Abstraction • Transform function by replacing • Formal parameters Level 4: Function call abstraction 1 DTYPE avg (DTYPE FPARAM[], DTYPE FPARAM) { • Data types 2 DTYPE LVAR = 0; • Local variables 3 unsigned DTYPE LVAR; 4 • Function names 5 for (LVAR = 0; LVAR < FPARAM; LVAR ++) { 6 LVAR += FPARAM[LVAR]; 7 } 8 9 FUNCCALL (“%f %d \ n”, LVAR/FPARAM, FUNCCALL (LVAR)); 10 } Computer & Communication Security Lab., Korea University 28

  30. Normalization • Remove • comments 1 DTYPE avg (DTYPE FPARAM[], DTYPE FPARAM) { • tabs 2 DTYPE LVAR = 0; • white spaces 3 unsigned DTYPE LVAR; 4 • CRLF 5 for (LVAR = 0; LVAR < FPARAM; LVAR ++) { 6 LVAR += FPARAM[LVAR]; • Convert into lowercase 7 } 8 9 FUNCCALL (“%f %d \ n”, LVAR/FPARAM, FUNCCALL (LVAR)); 10 } dtypelvar=0;unsigneddtypelvar;for(lvar=0;lvar<fparam;lvar++){lvar+=fparam[lvar];} funccall (“% f %d\n ”, lvar/fparam, funccall (lvar)); Computer & Communication Security Lab., Korea University 29

  31. Vulnerable code clone detection • By comparing two fingerprint dictionaries repository fingerprint dictionary of vulnerable functions Computer & Communication Security Lab., Korea University 30

  32. Vulnerable code clone detection • By comparing two fingerprint dictionaries repository fingerprint dictionary of vulnerable functions target program fingerprint dictionary of target functions Computer & Communication Security Lab., Korea University 31

  33. Vulnerable code clone detection • By comparing two fingerprint dictionaries 20: [ABCDEF01, C94D9910] 21: [D155F630] 22: [C67F45FD, DDBF3838] repository fingerprint dictionary of vulnerable functions 20: [C94D9910, D6E77882] 23: [9A45E4A1] target program fingerprint dictionary of target functions Computer & Communication Security Lab., Korea University 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lightcuts: A Scalable Lightcuts: A Scalable Approach to Illumination Approach to Illumination

Lightcuts: A Scalable Lightcuts: A Scalable Approach to Illumination Approach to Illumination

Lightcuts: A Scalable Lightcuts: A Scalable Approach to Illumination Approach to Illumination Bruce Walter, Sebastian Fernandez, Adam Arbree, Mike Donikian, Kavita Bala, Donald Greenberg Program of Computer Graphics, Cornell University

715 views • 70 slides
A Scalable Scalable Approach Approach A for for Large- -Scale Scale Schema Schema

A Scalable Scalable Approach Approach A for for Large- -Scale Scale Schema Schema

A Scalable Scalable Approach Approach A for for Large- -Scale Scale Schema Schema Mediation Mediation Large Khalid Saleem, Zohra Bellahsne LIRMM CNRS/Universit Montpellier 2, France Outline Outline Introduction The

422 views • 21 slides
The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T.

The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T.

The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T. Clements M. Frans Kaashoek Nickolai Zeldovich Robert Morris Eddie Kohler MIT CSAIL and Harvard Current approach to scalable software

1.48k views • 55 slides
CO 2 Mineralisation - a scalable &amp; profitable approach to industrial CCS Michael Priestnall

CO 2 Mineralisation - a scalable &amp; profitable approach to industrial CCS Michael Priestnall

CO 2 Mineralisation - a scalable &amp; profitable approach to industrial CCS Michael Priestnall CEO, Cambridge Carbon Capture Ltd Industry Chair, Mineralisation Cluster, UK CO2Chem Network CO2 Re-Use Workshop (JRC DG CLIMA) Brussels, 7 th June

439 views • 19 slides
A Scalable Approach to Attack Graph Generation By Ou, Boyer, McQueen Presented By: Philip Koshy

A Scalable Approach to Attack Graph Generation By Ou, Boyer, McQueen Presented By: Philip Koshy

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA A Scalable Approach to Attack Graph Generation By Ou, Boyer,

591 views • 33 slides
Lightcuts: A Scalable Approach to Illumination Authored by: Bruce Walter, Sebastian Fernandez,

Lightcuts: A Scalable Approach to Illumination Authored by: Bruce Walter, Sebastian Fernandez,

Lightcuts: A Scalable Approach to Illumination Authored by: Bruce Walter, Sebastian Fernandez, Adam Arbree, Kavita Bala, Michael Donikian, Donald P. Greenberg Presented by: Brian Phlipot and Sean Ryan Outline Introduction o What is

424 views • 21 slides
The Parks McClellan algorithm: a scalable approach for designing FIR filters Silviu Filip under

The Parks McClellan algorithm: a scalable approach for designing FIR filters Silviu Filip under

The Parks McClellan algorithm: a scalable approach for designing FIR filters Silviu Filip under the supervision of N. Brisebarre and G. Hanrot (AriC, LIP, ENS Lyon) Rencontres Arithmtiques de lInformatique Mathmatique (RAIM) Rennes,

749 views • 47 slides
A Scalable Decomposition Approach for Stochastic Mixed-Integer Programs Kibaek Kim Jointly work

A Scalable Decomposition Approach for Stochastic Mixed-Integer Programs Kibaek Kim Jointly work

A Scalable Decomposition Approach for Stochastic Mixed-Integer Programs Kibaek Kim Jointly work with Brian Dandurand (ANL), Cosmin Petra (LLNL), and Victor Zavala (UW-Madison) Mathematics and Computer Science Division Argonne National

474 views • 46 slides
A Scalable Approach to Incrementally Building Knowledge Graphs Gleb Gawriljuk (KIT), Andreas

A Scalable Approach to Incrementally Building Knowledge Graphs Gleb Gawriljuk (KIT), Andreas

A Scalable Approach to Incrementally Building Knowledge Graphs Gleb Gawriljuk (KIT), Andreas Harth (KIT), Craig A. Knoblock (USC), Pedro Szekely (USC) INSTITUTE AIFB, CHAIRS OF KNOWLEDGE MANAGEMENT AND WEB SCIENCE

636 views • 30 slides
The Scalable Petascale Data-Driven Approach for the Cholesky Factorization with multiple GPUs

The Scalable Petascale Data-Driven Approach for the Cholesky Factorization with multiple GPUs

The Scalable Petascale Data-Driven Approach for the Cholesky Factorization with multiple GPUs Yuki Tsujita, Toshio Endo, Katsuki Fujisawa Tokyo Institute of Technology, Japan ESPM2 2015@Austin Texas, USA 1 What is the Cholesky factorization?

743 views • 25 slides
Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce

Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce

Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce framework Jiapeng Liu November 22, 2018 School of Management Xian Jiaotong University P.R. China 1 Introduction Multiple criteria sorting

622 views • 39 slides
Towards Scalable Real-Time Entity Resolution using a Similarity-Aware Inverted Index Approach

Towards Scalable Real-Time Entity Resolution using a Similarity-Aware Inverted Index Approach

Towards Scalable Real-Time Entity Resolution using a Similarity-Aware Inverted Index Approach Peter Christen 1 and Ross Gayler 2 1 Department of Computer Science, ANU College of Engineering and Computer Science, The Australian National

541 views • 20 slides
Scalable String Matching on the Scalable String Matching on the Scalable String Matching on the

Scalable String Matching on the Scalable String Matching on the Scalable String Matching on the

Scalable String Matching on the Scalable String Matching on the Scalable String Matching on the Cell BE Processor BE Processor Cell Cell BE Processor Daniele Scarpazza, Oreste Villa, Fabrizio Petrini Applied Computer Science Group Pacific

408 views • 21 slides
Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed

Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed

Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed memory plus coherent replication Scalable distributed memory machines P-C-M nodes connected by network communication assist interprets

1.13k views • 87 slides
A Massively Scalable Architecture for Learning Representations from Heterogeneous Graphs NVIDIA

A Massively Scalable Architecture for Learning Representations from Heterogeneous Graphs NVIDIA

A Massively Scalable Architecture for Learning Representations from Heterogeneous Graphs NVIDIA GPU Technology Conference 2019 - San Jose, CA C. Bayan Bruss Anish Khazane 1. Overview &amp; Background TODAYS TALK 2. Our Approach How to

680 views • 54 slides
Jason Baumgartner, Hari Mony, Michael Case, Jun Sawada and Karen Yorav IBM Corporation FMCAD

Jason Baumgartner, Hari Mony, Michael Case, Jun Sawada and Karen Yorav IBM Corporation FMCAD

Scalable Conditional Equivalence Checking: Scalable Conditional Equivalence Checking: An Automated Invariant- -Generation Based Approach Generation Based Approach An Automated Invariant Jason Baumgartner, Hari Mony, Michael Case, Jun Sawada

491 views • 24 slides
CS 162 Intro to Computer Science II Makefiles 1 Outline

CS 162 Intro to Computer Science II Makefiles 1 Outline

CS 162 Intro to Computer Science II Makefiles 1 Outline Terminology Makefile Contents Rules Targets Dependencies Variables 2

341 views • 17 slides
Anne Bracy CS 3410 Computer Science Cornell University The slides are the product of many

Anne Bracy CS 3410 Computer Science Cornell University The slides are the product of many

Anne Bracy CS 3410 Computer Science Cornell University The slides are the product of many rounds of teaching CS 3410 by Professors Weatherspoon, Bala, Bracy, and Sirer. See P&amp;H Chapter: 2.16-2.20, 4.1-4.4, Appendix B Understanding the

576 views • 46 slides
CS 104 Computer Organization and Design Branch Prediction CS104:Branch Prediction 1 Branch

CS 104 Computer Organization and Design Branch Prediction CS104:Branch Prediction 1 Branch

CS 104 Computer Organization and Design Branch Prediction CS104:Branch Prediction 1 Branch Prediction Quick Overview App App App Now that we know about SRAMs System software Mem CPU I/O CS104: Branch Prediction 2 Branch

677 views • 21 slides
On the Construction of ivas utra -Alphabets Wiebke Petersen Institute of Language and

On the Construction of ivas utra -Alphabets Wiebke Petersen Institute of Language and

Introduction ivas utras and praty ah aras S-sortability Minimality of the ivas utras On the Construction of ivas utra -Alphabets Wiebke Petersen Institute of Language and Information University of Dsseldorf, Germany

1.86k views • 102 slides
CIS 371 Computer Organization and Design Unit 5: Pipelining Based on slides by Prof. Amir Roth

CIS 371 Computer Organization and Design Unit 5: Pipelining Based on slides by Prof. Amir Roth

CIS 371 Computer Organization and Design Unit 5: Pipelining Based on slides by Prof. Amir Roth &amp; Prof. Milo Martin CIS 371: Comp. Org. | Prof. Milo Martin | Pipelining 1 This Unit: Pipelining Processor performance App App App

1.45k views • 109 slides
CS7038 - Malware Analysis - Wk02.1 Attack Introduction Coleman Kane kaneca@mail.uc.edu January

CS7038 - Malware Analysis - Wk02.1 Attack Introduction Coleman Kane kaneca@mail.uc.edu January

CS7038 - Malware Analysis - Wk02.1 Attack Introduction Coleman Kane kaneca@mail.uc.edu January 17, 2017 Content This lecture covers the following concepts: Setting up lab environments in VirtualBox Utilizing networking and

226 views • 8 slides
Recognizing objects and actions in Finding boundaries images and video Recognizing

Recognizing objects and actions in Finding boundaries images and video Recognizing

Outline Recognizing objects and actions in Finding boundaries images and video Recognizing objects Jitendra Malik Recognizing actions U.C. Berkeley University of California University of California Computer Vision Group

318 views • 7 slides
Concurrency http://csunplugged.org/routing-and-deadlock Fundamentals of Computer Science Outline

Concurrency http://csunplugged.org/routing-and-deadlock Fundamentals of Computer Science Outline

Concurrency http://csunplugged.org/routing-and-deadlock Fundamentals of Computer Science Outline Multi-threaded programs Multiple simultaneous paths of execution Seemingly at once (single core) Actually at the same time (multiple

191 views • 16 slides

More recommend