Loading...

Vulnerability Extraction in Large Codebases Through Template Generalization

Salimi, Solmaz | 2023

143 Viewed
  1. Type of Document: Ph.D. Dissertation
  2. Language: Farsi
  3. Document No: 56017 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Kharrazi, Mehdi
  7. Abstract:
  8. As the size and complexity of software increase, the number of software vulnerabilities also increases. An examination of vulnerability reports shows that in addition to the fact that a large number of unknown vulnerabilities still exist in software, there is still no proper solution for identifying vulnerabilities that have been observed one sample of them exit in real-world software. The main reason for such an event is the lack of a suitable template for recognized vulnerabilities, which ultimately makes searching for them in other software a problem of scalability and high search cost. This thesis, recognizing the importance of the issue, presents a framework for extracting robust and generalized templates of vulnerability that is independent of the original source of vulnerability. To this end, recognized vulnerabilities and their associated patches are examined and two main models for vulnerability templates are defined: a code-based model and a constraint-based model. The proposed framework, using static analysis methods, decouples vulnerabilities from the main program and then instead of creating a literal template for each vulnerability, combines similar instances to a vulnerability class and produces a generalized pattern for similar instances. Vulnerability templates can be used in many cases, including the identification of new vulnerabilities in software, the identification of incomplete vulnerability patches, the examination of side effects of vulnerabilities, and the re-injection of vulnerabilities into programs for further testing. In this thesis, vulnerability templates are used for the identification of new vulnerabilities. To this end, a new templets-based search method has been added to the second dimension of the proposed framework. The effectiveness and efficiency of this framework have been evaluated by implementing it, extracting vulnerability templates, and then using them to identify new vulnerabilities. This implementation is able to extract code-based and constraint-based templates using version differencing of vulnerable and patched code of real-world projects through program slicing and under-constraint symbolic analysis. The search algorithm has also been developed based on program slicing. Ultimately, this base architecture has been successful in discovering new vulnerabilities and has been evaluated in other aspects
  9. Keywords:
  10. Software Security ; Vulnerability ; Security Vulnerability ; Large Codebase ; Vulnerability Extraction ; Vulnerability Template ; Template Generalization

 Digital Object List

 Bookmark

...see more