Loading...
| Friend's email | |
| Your name | |
| Your email | |
| enter code | |
This page was sent successfuly
VulSlicer: Vulnerability detection through code slicing
Salimi, S ; Sharif University of Technology | 2022
95
Viewed
- Type of Document: Article
- DOI: 10.1016/j.jss.2022.111450
- Publisher: Elsevier Inc , 2022
- Abstract:
- There has been a multitude of techniques proposed for identifying vulnerabilities in software. Forcing a program into a vulnerable state has become increasingly unscalable, given the size of the programs and the number of possible execution states. At the same time, techniques that are looking for vulnerability signatures are marred with weak and incomplete signatures. This is not to say that such techniques have failed to identify previously unknown vulnerabilities in the code. However, they have inherent weaknesses, which result in identifying vulnerabilities that are limited in type and complexity. We propose a novel technique to extract succinct vulnerability-relevant statements representing the self-contained nature of vulnerabilities and reproduce the vulnerable behavior independently of the rest of the program. We also introduce an innovative technique to slice target programs and search for similar vulnerability-relevant statements in them. We developed VulSlicer, a prototype system capable of extracting vulnerability-relevant statements from vulnerable programs and searching for them on target programs at scale. Furthermore, we have examined four candidate open-source projects and have been able to identify 118 potential vulnerabilities, out of which 94 were found to be silently patched, and from the remaining reported cases, three were confirmed by obtaining a CVE designation. © 2022 Elsevier Inc
- Keywords:
- Code slicing ; Static analysis ; Vulnerability detection ; Codes (symbols) ; Open source software ; Code slicing ; Forcings ; Innovative techniques ; Novel techniques ; Open source projects ; Prototype system ; Vulnerability detection ; Vulnerability signature ; Static analysis
- Source: Journal of Systems and Software ; Volume 193 , 2022 ; 01641212 (ISSN)
- URL: https://www.sciencedirect.com/science/article/abs/pii/S0164121222001443