SPAIN: Security Patch Analysis for Binaries towards Understanding the Pain and Pills

Zhengzi Xu, Bihuan Chen, Mahinthan Chandramohan, Yang Liu, Fu Song
Published in: 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE), pp. 462-472
Publication date: 2017-05-20
DOI: 10.1109/ICSE.2017.49 (https://doi.org/10.1109/ICSE.2017.49)
Citations: 117

Abstract

Software vulnerability is one of the major threats to software security. Once discovered, vulnerabilities are often fixed by applying security patches. In that sense, security patches carry valuable information about vulnerabilities, which could be used to discover, understand and fix (similar) vulnerabilities. However, most existing patch analysis approaches work at the source code level, while binary-level patch analysis often heavily relies on a lot of human efforts and expertise. Even worse, some vulnerabilities may be secretly patched without applying CVE numbers, or only the patched binary programs are available while the patches are not publicly released. These practices greatly hinder patch analysis and vulnerability analysis. In this paper, we propose a scalable binary-level patch analysis framework, named SPAIN, which can automatically identify security patches and summarize patch patterns and their corresponding vulnerability patterns. Specifically, given the original and patched versions of a binary program, we locate the patched functions and identify the changed traces (i.e., a sequence of basic blocks) that may contain security or non-security patches. Then we identify security patches through a semantic analysis of these traces and summarize the patterns through a taint analysis on the patched functions. The summarized patterns can be used to search similar patches or vulnerabilities in binary programs. Our experimental results on several real-world projects have shown that: i) SPAIN identified security patches with high accuracy and high scalability, ii) SPAIN summarized 5 patch patterns and their corresponding vulnerability patterns for 5 vulnerability types, and iii) SPAIN discovered security patches that were not documented, and discovered 3 zero-day vulnerabilities.