Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic Analysis
-
Published:2023-09-30
Issue:6
Volume:32
Page:1-29
-
ISSN:1049-331X
-
Container-title:ACM Transactions on Software Engineering and Methodology
-
language:en
-
Short-container-title:ACM Trans. Softw. Eng. Methodol.
Author:
Yang Shouguo1ORCID,
Xu Zhengzi2ORCID,
Xiao Yang1ORCID,
Lang Zhe1ORCID,
Tang Wei3ORCID,
Liu Yang2ORCID,
Shi Zhiqiang1ORCID,
Li Hong1ORCID,
Sun Limin1ORCID
Affiliation:
1. Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China
2. School of Computer Science and Engineering, Nanyang Technological University, Singapore
3. School of Software, Tsinghua University, China
Abstract
Vulnerability is a major threat to software security. It has been proven that binary code similarity detection approaches are efficient to search for recurring vulnerabilities introduced by code sharing in binary software. However, these approaches suffer from high false-positive rates (FPRs) since they usually take the patched functions as vulnerable, and they usually do not work well when binaries are compiled with different compilation settings.
To this end, we propose an approach, named
Robin
, to confirm recurring vulnerabilities by filtering out patched functions.
Robin
is powered by a lightweight symbolic execution to solve the set of function inputs that can lead to the vulnerability-related code. It then executes the target functions with the same inputs to capture the vulnerable or patched behaviors for patched function filtration. Experimental results show that
Robin
achieves high accuracy for patch detection across different compilers and compiler optimization levels respectively on 287 real-world vulnerabilities of 10 different software. Based on accurate patch detection,
Robin
significantly reduces the false-positive rate of state-of-the-art vulnerability detection tools (by 94.3% on average), making them more practical.
Robin
additionally detects 12 new potentially vulnerable functions.
Funder
National Key R&D Program of China
Strategic Priority Research Program of Chinese Academy of Sciences
Joint Fund Cultivation Project of National Natural Science Foundation of China
Science and Technology Project of State Grid Corporation of China
National Natural Science Foundation of China
Young Scientists Fund of the National Natural Science Foundation of China
Chinese National Natural Science Foundation
Publisher
Association for Computing Machinery (ACM)
Reference65 articles.
1. 2010. angr. Retrieved February 15 2021 from https://angr.io/
2. 2015. CVE - CVE-2015-0288. Retrieved February 21 2021 from https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288
3. 2018. the-overlooked-problem-of-n-day-vulnerabilities. Retrieved February 08 2021 from https://www.darkreading.com/vulnerabilities-threats/the-overlooked-problem-of-n-day-vulnerabilities
4. CVE - CVE-2015-0209;R,2021
5. CVE - CVE-2015-0289;R,2021