vuddy a scalable approach for
play

VUDDY: A Scalable Approach for Vulnerable Code Clone Detection - PowerPoint PPT Presentation

Aug 15, 2022 •104 likes •618 views

IEEE S&P 2017 VUDDY: A Scalable Approach for Vulnerable Code Clone Detection Seulbae Kim , Seunghoon Woo, Heejo Lee, and Hakjoo Oh Korea University May 23, 2017 Question Number of unpatched vulnerabilities in smartphone firmwares

  1. IEEE S&P 2017 VUDDY: A Scalable Approach for Vulnerable Code Clone Detection Seulbae Kim , Seunghoon Woo, Heejo Lee, and Hakjoo Oh Korea University May 23, 2017

  2. Question • Number of unpatched vulnerabilities in smartphone firmware’s source code? 200+ unpatched vulnerable code clones detected! Computer & Communication Security Lab., Korea University 1

  3. Motivation • Number of open source software is increasing Computer & Communication Security Lab., Korea University 2

  4. Motivation • Code clones – reused code fragments • Major cause of vulnerability propagation CVE-2016-5195 Computer & Communication Security Lab., Korea University 3

  5. Problem: Scalable & Accurate Vulnerable Code Clone Discovery Computer & Communication Security Lab., Korea University 4

  6. Scalable & Accurate Vulnerable Code Clone discovery • Scalability Software systems are getting bigger Linux kernel – 25.4 MLoC accuracy “L” Smart TV – 35 MLoC scalability Computer & Communication Security Lab., Korea University 5

  7. Scalable & Accurate Vulnerable Code Clone discovery • Accuracy scalability FP == increased time and efforts accuracy Computer & Communication Security Lab., Korea University 6

  8. Scalable & Accurate Vulnerable Code Clone discovery • Previous approaches accuracy Line-level Token-level matching matching Jang et al., Kamiya et al., Graph/tree ReDeBug (S&P’12) CCFinder (TSE’02) matching Bag-of-tokens Jiang et al ., (ICSE’07) matching Sasaki et al., Sajnani et al., FCFinder (MSR’10) SourcererCC (ICSE’16) File-level matching scalability Computer & Communication Security Lab., Korea University 7

  9. Scalable & Accurate Vulnerable Code Clone discovery • Goal accuracy ? Line-level Token-level matching matching Jang et al., Kamiya et al., Graph/tree ReDeBug (S&P’12) CCFinder (TSE’02) matching Bag-of-tokens Jiang et al ., (ICSE’07) matching Sasaki et al., Sajnani et al., FCFinder (MSR’10) SourcererCC (ICSE’16) File-level matching scalability Computer & Communication Security Lab., Korea University 8

  10. Proposed Method: VUDDY Computer & Communication Security Lab., Korea University 9

  11. Demonstration of VUDDY Computer & Communication Security Lab., Korea University 10

  12. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY Computer & Communication Security Lab., Korea University 11

  13. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY • Searches for vulnerable code clones Computer & Communication Security Lab., Korea University 12

  14. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY • Searches for vulnerable code clones • Scales beyond 1 BLoC target Computer & Communication Security Lab., Korea University 13

  15. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY • Searches for vulnerable code clones • Scales beyond 1 BLoC target • Detects both known & unknown vulnerability Computer & Communication Security Lab., Korea University 14

  16. Proposed method: VUDDY • VUDDY: VUlnerable coDe clone DiscoverY • Searches for vulnerable code clones • Scales beyond 1 BLoC target • Detects both known & unknown vulnerability • Low false positive rate Computer & Communication Security Lab., Korea University 15

  17. Proposed method: VUDDY • Overview fingerprinting dictionary vulnerable functions fingerprint dictionary comparison vulnerable of vulnerable functions code clones fingerprinting A Program a target program fingerprint dictionary of target functions Computer & Communication Security Lab., Korea University 16

  18. Collecting vulnerable code • Vulnerability patching Old code New code CVE patch (vulnerable) (fixed) Computer & Communication Security Lab., Korea University 17

  19. Collecting vulnerable code • Reconstructing vulnerability from security patch Old code Software repository CVE patch (vulnerable) Computer & Communication Security Lab., Korea University 18

  20. Fingerprinting a program A Program Computer & Communication Security Lab., Korea University 19

  21. Fingerprinting a program 1. Retrieve all functions from a program int sum (int a, int b) { return a + b; } void increment() { int num = 80; A Program num++; // no return } void printer (char* src) { printf(“%s”, src); } Computer & Communication Security Lab., Korea University 20

  22. Fingerprinting a program 2. Apply abstraction and normalization to functions int sum (int a, int b) { returnfparam+fparam; return a + b; } void increment() { int num = 80; dtypelvar=80;lvar++; A Program num++; // no return } void printer (char* src) { funccall (“%s”, fparam); printf (“%s”, src); } Computer & Communication Security Lab., Korea University 21

  23. Fingerprinting a program 3. Compute length and hash value int sum (int a, int b) length : 20 { returnfparam+fparam; return a + b; hash val: C94D9910… } void increment() { length : 20 int num = 80; dtypelvar=80;lvar++; A Program hash val: D6E77882… num++; // no return } void printer (char* src) length : 23 { funccall (“%s”, fparam); printf (“%s”, src); hash val: 9A45E4A1… } Computer & Communication Security Lab., Korea University 22

  24. Fingerprinting a program 4. Store in a dictionary length : 20 hash val: C94D9910… “Fingerprint dictionary” 20: [C94D9910, D6E77882] length : 20 A Program hash val: D6E77882… 23: [9A45E4A1] length : 23 hash val: 9A45E4A1… Computer & Communication Security Lab., Korea University 23

  25. Abstraction • Transform function by replacing • Formal parameters Level 0: No abstraction • Data types 1 void avg (float arr [], int len ) { 2 static float sum = 0; • Local variables 3 unsigned int i; 4 • Function names 5 for (i = 0; i < len ; i++) { 6 sum += arr [i]; 7 } 8 9 printf (“%f %d \ n”, sum/ len , validate (sum)); 10 } Computer & Communication Security Lab., Korea University 24

  26. Abstraction • Transform function by replacing • Formal parameters Level 1: Formal parameter abstraction 1 void avg (float FPARAM [], int FPARAM ) { • Data types 2 static float sum = 0; • Local variables 3 unsigned int i; 4 • Function names 5 for (i = 0; i < FPARAM ; i++) { 6 sum += FPARAM [i]; 7 } 8 9 printf (“%f %d \ n”, sum/ FPARAM , validate (sum)); 10 } Computer & Communication Security Lab., Korea University 25

  27. Abstraction • Transform function by replacing • Formal parameters Level 2: Local variable name abstraction 1 void avg (float FPARAM[], int FPARAM) { • Data types 2 static float LVAR = 0; • Local variables 3 unsigned int LVAR ; 4 • Function names 5 for ( LVAR = 0; LVAR < FPARAM; LVAR ++) { 6 LVAR += FPARAM[ LVAR ]; 7 } 8 9 printf (“%f %d \ n”, LVAR /FPARAM, validate ( LVAR )); 10 } Computer & Communication Security Lab., Korea University 26

  28. Abstraction • Transform function by replacing • Formal parameters Level 3: Data type abstraction 1 DTYPE avg ( DTYPE FPARAM[], DTYPE FPARAM) { • Data types 2 DTYPE LVAR = 0; • Local variables 3 unsigned DTYPE LVAR; 4 • Function names 5 for (LVAR = 0; LVAR < FPARAM; LVAR ++) { 6 LVAR += FPARAM[LVAR]; 7 } 8 9 printf (“%f %d \ n”, LVAR/FPARAM, validate (LVAR)); 10 } Computer & Communication Security Lab., Korea University 27

  29. Abstraction • Transform function by replacing • Formal parameters Level 4: Function call abstraction 1 DTYPE avg (DTYPE FPARAM[], DTYPE FPARAM) { • Data types 2 DTYPE LVAR = 0; • Local variables 3 unsigned DTYPE LVAR; 4 • Function names 5 for (LVAR = 0; LVAR < FPARAM; LVAR ++) { 6 LVAR += FPARAM[LVAR]; 7 } 8 9 FUNCCALL (“%f %d \ n”, LVAR/FPARAM, FUNCCALL (LVAR)); 10 } Computer & Communication Security Lab., Korea University 28

  30. Normalization • Remove • comments 1 DTYPE avg (DTYPE FPARAM[], DTYPE FPARAM) { • tabs 2 DTYPE LVAR = 0; • white spaces 3 unsigned DTYPE LVAR; 4 • CRLF 5 for (LVAR = 0; LVAR < FPARAM; LVAR ++) { 6 LVAR += FPARAM[LVAR]; • Convert into lowercase 7 } 8 9 FUNCCALL (“%f %d \ n”, LVAR/FPARAM, FUNCCALL (LVAR)); 10 } dtypelvar=0;unsigneddtypelvar;for(lvar=0;lvar<fparam;lvar++){lvar+=fparam[lvar];} funccall (“% f %d\n ”, lvar/fparam, funccall (lvar)); Computer & Communication Security Lab., Korea University 29

  31. Vulnerable code clone detection • By comparing two fingerprint dictionaries repository fingerprint dictionary of vulnerable functions Computer & Communication Security Lab., Korea University 30

  32. Vulnerable code clone detection • By comparing two fingerprint dictionaries repository fingerprint dictionary of vulnerable functions target program fingerprint dictionary of target functions Computer & Communication Security Lab., Korea University 31

  33. Vulnerable code clone detection • By comparing two fingerprint dictionaries 20: [ABCDEF01, C94D9910] 21: [D155F630] 22: [C67F45FD, DDBF3838] repository fingerprint dictionary of vulnerable functions 20: [C94D9910, D6E77882] 23: [9A45E4A1] target program fingerprint dictionary of target functions Computer & Communication Security Lab., Korea University 32

Recommend

Lightcuts: A Scalable Lightcuts: A Scalable Approach to Illumination Approach to Illumination

Lightcuts: A Scalable Lightcuts: A Scalable Approach to Illumination Approach to Illumination

Lightcuts: A Scalable Lightcuts: A Scalable Approach to Illumination Approach to Illumination Bruce Walter, Sebastian Fernandez, Adam Arbree, Mike Donikian, Kavita Bala, Donald Greenberg Program of Computer Graphics, Cornell University

715 views • 70 slides
A Scalable Scalable Approach Approach A for for Large- -Scale Scale Schema Schema

A Scalable Scalable Approach Approach A for for Large- -Scale Scale Schema Schema

A Scalable Scalable Approach Approach A for for Large- -Scale Scale Schema Schema Mediation Mediation Large Khalid Saleem, Zohra Bellahsne LIRMM CNRS/Universit Montpellier 2, France Outline Outline Introduction The

422 views • 21 slides
The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T.

The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T.

The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T. Clements M. Frans Kaashoek Nickolai Zeldovich Robert Morris Eddie Kohler MIT CSAIL and Harvard Current approach to scalable software

1.48k views • 55 slides
CO 2 Mineralisation - a scalable &amp; profitable approach to industrial CCS Michael Priestnall

CO 2 Mineralisation - a scalable &amp; profitable approach to industrial CCS Michael Priestnall

CO 2 Mineralisation - a scalable &amp; profitable approach to industrial CCS Michael Priestnall CEO, Cambridge Carbon Capture Ltd Industry Chair, Mineralisation Cluster, UK CO2Chem Network CO2 Re-Use Workshop (JRC DG CLIMA) Brussels, 7 th June

439 views • 19 slides
A Scalable Approach to Attack Graph Generation By Ou, Boyer, McQueen Presented By: Philip Koshy

A Scalable Approach to Attack Graph Generation By Ou, Boyer, McQueen Presented By: Philip Koshy

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA A Scalable Approach to Attack Graph Generation By Ou, Boyer,

591 views • 33 slides
Lightcuts: A Scalable Approach to Illumination Authored by: Bruce Walter, Sebastian Fernandez,

Lightcuts: A Scalable Approach to Illumination Authored by: Bruce Walter, Sebastian Fernandez,

Lightcuts: A Scalable Approach to Illumination Authored by: Bruce Walter, Sebastian Fernandez, Adam Arbree, Kavita Bala, Michael Donikian, Donald P. Greenberg Presented by: Brian Phlipot and Sean Ryan Outline Introduction o What is

424 views • 21 slides
The Parks McClellan algorithm: a scalable approach for designing FIR filters Silviu Filip under

The Parks McClellan algorithm: a scalable approach for designing FIR filters Silviu Filip under

The Parks McClellan algorithm: a scalable approach for designing FIR filters Silviu Filip under the supervision of N. Brisebarre and G. Hanrot (AriC, LIP, ENS Lyon) Rencontres Arithmtiques de lInformatique Mathmatique (RAIM) Rennes,

749 views • 47 slides
A Scalable Decomposition Approach for Stochastic Mixed-Integer Programs Kibaek Kim Jointly work

A Scalable Decomposition Approach for Stochastic Mixed-Integer Programs Kibaek Kim Jointly work

A Scalable Decomposition Approach for Stochastic Mixed-Integer Programs Kibaek Kim Jointly work with Brian Dandurand (ANL), Cosmin Petra (LLNL), and Victor Zavala (UW-Madison) Mathematics and Computer Science Division Argonne National

474 views • 46 slides
A Scalable Approach to Incrementally Building Knowledge Graphs Gleb Gawriljuk (KIT), Andreas

A Scalable Approach to Incrementally Building Knowledge Graphs Gleb Gawriljuk (KIT), Andreas

A Scalable Approach to Incrementally Building Knowledge Graphs Gleb Gawriljuk (KIT), Andreas Harth (KIT), Craig A. Knoblock (USC), Pedro Szekely (USC) INSTITUTE AIFB, CHAIRS OF KNOWLEDGE MANAGEMENT AND WEB SCIENCE

636 views • 30 slides
The Scalable Petascale Data-Driven Approach for the Cholesky Factorization with multiple GPUs

The Scalable Petascale Data-Driven Approach for the Cholesky Factorization with multiple GPUs

The Scalable Petascale Data-Driven Approach for the Cholesky Factorization with multiple GPUs Yuki Tsujita, Toshio Endo, Katsuki Fujisawa Tokyo Institute of Technology, Japan ESPM2 2015@Austin Texas, USA 1 What is the Cholesky factorization?

743 views • 25 slides
Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce

Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce

Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce framework Jiapeng Liu November 22, 2018 School of Management Xian Jiaotong University P.R. China 1 Introduction Multiple criteria sorting

622 views • 39 slides
Towards Scalable Real-Time Entity Resolution using a Similarity-Aware Inverted Index Approach

Towards Scalable Real-Time Entity Resolution using a Similarity-Aware Inverted Index Approach

Towards Scalable Real-Time Entity Resolution using a Similarity-Aware Inverted Index Approach Peter Christen 1 and Ross Gayler 2 1 Department of Computer Science, ANU College of Engineering and Computer Science, The Australian National

541 views • 20 slides
Scalable String Matching on the Scalable String Matching on the Scalable String Matching on the

Scalable String Matching on the Scalable String Matching on the Scalable String Matching on the

Scalable String Matching on the Scalable String Matching on the Scalable String Matching on the Cell BE Processor BE Processor Cell Cell BE Processor Daniele Scarpazza, Oreste Villa, Fabrizio Petrini Applied Computer Science Group Pacific

408 views • 21 slides
Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed

Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed

Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed memory plus coherent replication Scalable distributed memory machines P-C-M nodes connected by network communication assist interprets

1.13k views • 87 slides
A Massively Scalable Architecture for Learning Representations from Heterogeneous Graphs NVIDIA

A Massively Scalable Architecture for Learning Representations from Heterogeneous Graphs NVIDIA

A Massively Scalable Architecture for Learning Representations from Heterogeneous Graphs NVIDIA GPU Technology Conference 2019 - San Jose, CA C. Bayan Bruss Anish Khazane 1. Overview &amp; Background TODAYS TALK 2. Our Approach How to

680 views • 54 slides
Jason Baumgartner, Hari Mony, Michael Case, Jun Sawada and Karen Yorav IBM Corporation FMCAD

Jason Baumgartner, Hari Mony, Michael Case, Jun Sawada and Karen Yorav IBM Corporation FMCAD

Scalable Conditional Equivalence Checking: Scalable Conditional Equivalence Checking: An Automated Invariant- -Generation Based Approach Generation Based Approach An Automated Invariant Jason Baumgartner, Hari Mony, Michael Case, Jun Sawada

491 views • 24 slides
Scalable, Integrated Software Simplifying I4.0 Adoption Simon Osborne sosborne@control2k.co.uk

Scalable, Integrated Software Simplifying I4.0 Adoption Simon Osborne sosborne@control2k.co.uk

Scalable, Integrated Software Simplifying I4.0 Adoption Simon Osborne sosborne@control2k.co.uk Digital Manufacturing Challenges Valuable sources of data on the shopfloor but no unified approach to access, store and analyse Describing

270 views • 13 slides
Scalable Interconnection Networks 1 Scalable, High Performance Network At Core of Parallel

Scalable Interconnection Networks 1 Scalable, High Performance Network At Core of Parallel

Scalable Interconnection Networks 1 Scalable, High Performance Network At Core of Parallel Computer Architecture Requirements and trade-offs at many levels Elegant mathematical structure Deep relationships to algorithm structure

691 views • 52 slides
The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T.

The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T.

The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors Austin T. Clements Thesis advisors: M. Frans Kaashoek Nickolai Zeldovich Robert Morris Eddie Kohler x86 CPU trends x86 CPU trends 2005 x86 CPU trends

1.3k views • 92 slides
Dyninst Scalable Tools Workshop Granlibakken Resort Lake Tahoe, California Dyninst Scalable

Dyninst Scalable Tools Workshop Granlibakken Resort Lake Tahoe, California Dyninst Scalable

Dyninst Scalable Tools Workshop Granlibakken Resort Lake Tahoe, California Dyninst Scalable Tools Workshop A Brief Introduction to Dyninst Dyninst: a tool for static and dynamic binary instrumentation and modification 2 Dyninst Scalable

711 views • 47 slides
GRAIL: Scalable Reachability Index for Large Graphs Hilmi Yldrm 1 Vineet Chaoji 2 Mohammed

GRAIL: Scalable Reachability Index for Large Graphs Hilmi Yldrm 1 Vineet Chaoji 2 Mohammed

Problem Definition &amp; Motivation Background Our Approach : GRAIL Experiments Conclusion &amp; Future Work GRAIL: Scalable Reachability Index for Large Graphs Hilmi Yldrm 1 Vineet Chaoji 2 Mohammed J.Zaki 1 1 Rensselaer Polytechnic

992 views • 55 slides
Fast and Scalable Relational Division on Fast and Scalable Relational Division on Database

Fast and Scalable Relational Division on Fast and Scalable Relational Division on Database

Fast and Scalable Relational Division on Fast and Scalable Relational Division on Database Systems Database Systems Andr S. Gonzaga , Robson L. F. Cordeiro 1. Introduction 2. Contributions 3. Background a. Genetic Data b. Diviso

710 views • 55 slides
Highly Scalable Highly Scalable Ethernets Ethernets Paul Bottorff, Chief Architect, Carrier

Highly Scalable Highly Scalable Ethernets Ethernets Paul Bottorff, Chief Architect, Carrier

I nternational Telecom m unication Union ITU-T Highly Scalable Highly Scalable Ethernets Ethernets Paul Bottorff, Chief Architect, Carrier Ethernet, Nortel MEF VP, S ecretary, and Board Member IEEE P802.1ah Editor pbottorf@ nortel.com

237 views • 21 slides
Scalable Range Locks for Scalable Address Spaces And Beyond Alex Kogan Dave Dice Shady

Scalable Range Locks for Scalable Address Spaces And Beyond Alex Kogan Dave Dice Shady

Scalable Range Locks for Scalable Address Spaces And Beyond Alex Kogan Dave Dice Shady Issa Oracle Labs U. Lisboa &amp; INESC-ID Range Locks Conceived in parallel filesystems Allow concurrent access to shared resources e.g.:

396 views • 28 slides

More recommend