Litcius/Paper detail

Localizing Vulnerabilities Statistically From One Exploit

Shiqi Shen, Aashish Kolluri, Zhen Dong, Prateek Saxena, Abhik Roychoudhury

202120 citationsDOI

Abstract

Automatic vulnerability diagnosis can help security analysts identify and, therefore, quickly patch disclosed vulnerabilities. The vulnerability localization problem is to automatically find a program point at which the "root cause" of the bug can be fixed. This paper employs a statistical localization approach to analyze a given exploit. Our main technical contribution is a novel procedure to systematically construct a test-suite which enables high-fidelity localization. We build our techniques in a tool called VulnLoc which automatically pinpoints vulnerability locations, given just one exploit, with high accuracy. VulnLoc does not make any assumptions about the availability of source code, test suites, or specialized knowledge of the type of vulnerability. It identifies actionable locations in its Top-5 outputs, where a correct patch can be applied, for about 88% of 43 CVEs arising in large real-world applications we study. These include 6 different classes of security flaws. Our results highlight the under-explored power of statistical analyses, when combined with suitable test-generation techniques.

Topics & Concepts

ExploitComputer scienceVulnerability (computing)Construct (python library)Test suiteSuiteVulnerability managementVulnerability assessmentSecure codingFidelityCode (set theory)Data miningPoint (geometry)Test caseComputer securityMachine learningSoftware security assuranceInformation securitySet (abstract data type)Programming languageSecurity serviceMathematicsHistoryPsychological resiliencePsychotherapistArchaeologyGeometryPsychologyRegression analysisTelecommunicationsSoftware Testing and Debugging TechniquesSoftware Reliability and Analysis ResearchAdvanced Malware Detection Techniques