Statistical similarity of binaries-Reference-Cited by-同舟云学术

Statistical similarity of binaries

Published:2016-08 Issue:6 Volume:51 Page:266-280
ISSN:0362-1340
Container-title:ACM SIGPLAN Notices
language:en
Short-container-title:SIGPLAN Not.

Author:

David Yaniv¹,Partush Nimrod¹,Yahav Eran¹

Affiliation:

1. Technion, Israel

Abstract

We address the problem of finding similar procedures in stripped binaries. We present a new statistical approach for measuring the similarity between two procedures. Our notion of similarity allows us to find similar code even when it has been compiled using different compilers, or has been modified. The main idea is to use similarity by composition: decompose the code into smaller comparable fragments, define semantic similarity between fragments, and use statistical reasoning to lift fragment similarity into similarity between procedures. We have implemented our approach in a tool called Esh, and applied it to find various prominent vulnerabilities across compilers and versions, including Heartbleed, Shellshock and Venom. We show that Esh produces high accuracy results, with few to no false positives -- a crucial factor in the scenario of vulnerability search in stripped binaries.

Funder

Ministry of Science and Technology, Israel

Seventh Framework Programme

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Graphics and Computer-Aided Design,Software

Link

https://dl.acm.org/doi/pdf/10.1145/2980983.2908126

Reference35 articles.

1. Clobberingtime: Cves and a ffected products. http://www. kb.cert.org/vuls/id/852879. Clobberingtime: Cves and a ffected products. http://www. kb.cert.org/vuls/id/852879.

2. Gnu coreutils. http://www.gnu.org/software/ coreutils. Gnu coreutils. http://www.gnu.org/software/ coreutils.

3. Heartbleed vulnerability cve information. https: //cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2014-0160. Heartbleed vulnerability cve information. https: //cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2014-0160.

4. Hex-rays IDAPRO. http://www.hex-rays.com. Hex-rays IDAPRO. http://www.hex-rays.com.

5. Smack: A bounded software verifier for c programs. https: //github.com/smackers/smack. Smack: A bounded software verifier for c programs. https: //github.com/smackers/smack.

Cited by 39 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. HAformer: Semantic fusion of hex machine code and assembly code for cross-architecture binary vulnerability detection;Computers & Security;2024-10

2. CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity Detection;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11

3. Vulnerabilities and Security Patches Detection in OSS: A Survey;ACM Computing Surveys;2024-09-09

4. A Semantics-Based Approach on Binary Function Similarity Detection;IEEE Internet of Things Journal;2024-08-01

5. R2I: A Relative Readability Metric for Decompiled Code;Proceedings of the ACM on Software Engineering;2024-07-12