CLORIFI: software vulnerability discovery using code clone verification

@article{Li2016CLORIFISV,
  title={CLORIFI: software vulnerability discovery using code clone verification},
  author={Hongzhe Li and Hyuckmin Kwon and Jonghoon Kwon and Heejo Lee},
  journal={Concurrency and Computation: Practice and Experience},
  year={2016},
  volume={28},
  pages={1900--1917}
}
Software vulnerabilities have long been considered an important threat to system safety. A vulnerability is often reproduced because programmers frequently reuse code. Security patches are usually not propagated to all code clones; however, they can be leveraged to discover unknown vulnerabilities. Static code auditing approaches are frequently proposed to scan source code for security flaws; unfortunately, these approaches generate too many false positives. While dynamic execution… 
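The patch-driven clone search the abstract describes, shown here as an added example (this is not code from the CLORIFI paper or from any tool listed on this page): a security patch is split into its pre-patch and post-patch hunks, both are normalised with variable and type names abstracted so that renamed copies still match, and the hashed line windows that exist only in the unpatched version become the signature searched for in a target file. The sample patch, the target file and every name in them (get_len, read_record, copy_entry, copy_entry_safe, parse.c) are constructed for the demonstration; the concolic verification stage that CLORIFI runs on top of clone detection is not shown.

```python
# Added example, not the CLORIFI paper's code: the names, patch and target below are constructed.
import hashlib
import re
WINDOW = 3  # consecutive normalised lines per hashed unit (ReDeBug-style n-line windows)
C_KEYWORDS = set("auto break case char const continue default do double else enum extern "
                 "float for goto if inline int long register restrict return short signed "
                 "sizeof static struct switch typedef union unsigned void volatile while".split())
_TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d\w*|\S")

def strip_comments(text: str) -> str:
    """Drop /* */ and // comments but keep every newline so line numbers survive."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)

def normalize_line(line: str) -> str:
    """Variables/types become ID; keywords and callees (memcpy) stay, so renamed clones match."""
    toks = _TOKEN_RE.findall(line)
    out = []
    for tok, nxt in zip(toks, toks[1:] + [""]):
        abstract = (tok[0].isalpha() or tok[0] == "_") and tok not in C_KEYWORDS and nxt != "("
        out.append("ID" if abstract else tok)
    return " ".join(out)

def normalized_lines(text: str) -> list[tuple[int, str]]:
    """(1-based original line number, normalised text) for each non-blank line."""
    return [(no, norm) for no, raw in enumerate(strip_comments(text).splitlines(), start=1)
            if (norm := normalize_line(raw))]

def digest(window) -> str:
    return hashlib.sha256("\n".join(window).encode()).hexdigest()

def split_patch(patch: str) -> tuple[str, str]:
    """Rebuild the pre-patch and post-patch hunk bodies of a unified diff."""
    pre, post = [], []
    for line in patch.splitlines():
        if line.startswith(("--- ", "+++ ", "@@", "diff ", "index ", "\\")):
            continue  # file/hunk headers and 'No newline' markers
        if not line.startswith("+"):
            pre.append(line[1:])  # removed or context line
        if not line.startswith("-"):
            post.append(line[1:])  # added or context line
    return "\n".join(pre), "\n".join(post)

def build_signature(patch: str) -> dict[str, tuple[str, ...]]:
    """Windows only in the pre-patch hunk; shared windows are dropped so patched clones yield no hit."""
    pre, post = ([n for _, n in normalized_lines(text)] for text in split_patch(patch))
    post_hashes = {digest(post[i:i + WINDOW]) for i in range(len(post) - WINDOW + 1)}
    windows = [tuple(pre[i:i + WINDOW]) for i in range(len(pre) - WINDOW + 1)]
    return {digest(w): w for w in windows if digest(w) not in post_hashes}

def find_vulnerable_clones(signature: dict[str, tuple[str, ...]], source: str) -> list[tuple[int, int]]:
    """Merged (first_line, last_line) regions of `source` whose windows are in the signature."""
    lines = normalized_lines(source)
    regions: list[tuple[int, int]] = []
    for i in range(len(lines) - WINDOW + 1):
        win = lines[i:i + WINDOW]
        if digest(n for _, n in win) in signature:
            start, end = win[0][0], win[-1][0]
            if regions and start <= regions[-1][1]:  # overlaps the previous hit: extend it
                regions[-1] = (regions[-1][0], max(regions[-1][1], end))
            else:
                regions.append((start, end))
    return regions

# Constructed sample patch: the fix inserts the missing length check before memcpy.
SECURITY_PATCH = """\
@@ -10,6 +10,8 @@
 int read_record(char *dst, const char *src, size_t len)
 {
     size_t n = get_len(src);
+    if (n > len)
+        return -1;
     memcpy(dst, src, n);
     dst[n] = 0;
     return 0;
"""

# Constructed target: a renamed unpatched clone (lines 1-7) and a patched one (lines 9-17).
TARGET_SOURCE = """\
int copy_entry(char *out, const char *in, size_t cap)
{
    size_t count = get_len(in); /* record length from the header */
    memcpy(out, in, count);
    out[count] = 0;
    return 0;
}

int copy_entry_safe(char *out, const char *in, size_t cap)
{
    size_t count = get_len(in);
    if (count > cap)
        return -1;
    memcpy(out, in, count);
    out[count] = 0;
    return 0;
}
"""

if __name__ == "__main__":
    print(find_vulnerable_clones(build_signature(SECURITY_PATCH), TARGET_SOURCE))  # [(2, 5)]
```

Running the file reports the renamed clone at lines 2-5, the lines that straddle the missing check, while the clone that already carries the fix yields nothing: the inserted `if` breaks exactly the windows that make up the signature. This is what keeps the false positive rate of the syntactic stage low before any dynamic verification; what it cannot tell is whether the matched lines are reachable with attacker-controlled input, which is the job of the verification stage the abstract goes on to describe.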

VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery

TLDR
VUDDY outperformed four state-of-the-art code clone detection techniques in terms of both scalability and accuracy, and proved its effectiveness by detecting zero-day vulnerabilities in widely used software systems, such as Apache HTTPD and Ubuntu OS Distribution.

Program Slice based Vulnerable Code Clone Detection

  • Xiaonan Song, Aimin Yu, Dan Meng
  • Computer Science
    2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
  • 2020
TLDR
This paper proposes a program-slice-based method for detecting vulnerabilities caused by code clones; it detects 12.72% more vulnerable clones than VUDDY in acceptable time, demonstrating the effectiveness of the method.

Automated Source Code Instrumentation for Verifying Potential Vulnerabilities

TLDR
This paper proposes an automatic verification mechanism to discover and verify vulnerabilities by using program source instrumentation and concolic testing, and shows that the system finds and verifies vulnerabilities in a fully automatic way with no false positives.

Security Vulnerabilities in Categories of Clones and Non-Cloned Code: An Empirical Study

TLDR
The study reveals that the security vulnerabilities found in code clones have higher severity of security risks compared to those in non-cloned code, and will be useful in clone-aware software development with improved software security.

Restructured Cloning Vulnerability Detection Based on Function Semantic Reserving and Reiteration Screening

TLDR
A novel approach is proposed, called RCVD++, for detecting restructured cloning vulnerabilities, which introduces a new feature extraction for vulnerable code based on program slicing and optimizes the code abstraction and detection granularity.

VFDETECT: A vulnerable code clone detection system based on vulnerability fingerprint

  • Z. Liu, Qiang Wei, Yan Cao
  • Computer Science
    2017 IEEE 3rd Information Technology and Mechatronics Engineering Conference (ITOEC)
  • 2017
TLDR
A fingerprint model for describing vulnerable code is presented, together with VFDETECT, an efficient system that detects vulnerable code clones from those fingerprints; it maintains good performance and is robust to code modifications such as variable renaming, statement reordering, and inserted redundant code.

Vulnerability Analysis of Similar Code

TLDR
This work conducts an empirical study on vulnerabilities in C/C++ code to characterize security flaws and finds out if the same vulnerabilities exist in applications that share similar code or have the same business logic/domain.

A Survey of Software Clone Detection From Security Perspective

TLDR
Three further research directions, (i) deep learning-based code clone vulnerability detection, (ii) vulnerable code clone detection for 5G-Internet of Things devices, and (iii) real-time detection methods for more efficiently detecting clone attacks are discussed.

Improving real-world vulnerability characterization with vulnerable slices

TLDR
Vulnerable slices are introduced as the code unit on which software metrics are measured, and these metrics are then used to characterize vulnerable code; vulnerable slices significantly increase the accuracy of vulnerability characterization.

OCTOPOCS: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept

TLDR
This work presents OCTOPOCS, which uses a reformed Proof-of-Concept (PoC) to verify whether a vulnerability has propagated to cloned code; evaluated on 15 real-world C and C++ vulnerable software pairs, OCTOPOCS successfully verified 14 propagated vulnerabilities.

References

SHOWING 1-10 OF 36 REFERENCES

A Scalable Approach for Vulnerability Discovery Based on Security Patches

TLDR
This paper uses a fast and scalable syntax-based method to find code clones and then verifies the clones with concolic testing to dramatically decrease the false positives, mitigating the path explosion problem by backward data tracing in concolic execution.

Software Vulnerability Detection Using Backward Trace Analysis and Symbolic Execution

TLDR
This research proposes backward trace analysis and symbolic execution to detect vulnerabilities from source code and can efficiently mitigate path explosion problem in traditional symbolic execution.

Chucky: exposing missing checks in source code for vulnerability discovery

TLDR
In an empirical evaluation with five popular open-source projects, Chucky is able to accurately identify artificial and real missing checks, which ultimately enables us to uncover 12 previously unknown vulnerabilities in two of the projects (Pidgin and LibTIFF).

ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions

TLDR
Compared with previous work on code clone detection, ReDeBug may find fewer code clones, but it gains scale and speed, reduces the false detection rate, and is language agnostic.

Detecting vulnerabilities in C programs using trace-based testing

TLDR
The novelty of this method is a test model that unifies program constraints and security constraints such that formal reasoning can be applied to detect vulnerabilities.

Scalable and systematic detection of buggy inconsistencies in source code

TLDR
DejaVu, a highly scalable system for detecting general syntactic inconsistency bugs, is presented; on a 75+ million line pre-production commercial code base it executed in under five hours and produced a report of over 8,000 potential bugs.

ITS4: a static vulnerability scanner for C and C++ code

TLDR
ITS4, a tool for statically scanning security-critical C source code for vulnerabilities, stakes out a new middle ground between accuracy and efficiency and is efficient enough to offer real-time feedback to developers during coding while producing few false negatives.

An automated approach for identifying potential vulnerabilities in software

TLDR
Results from analyzing the vulnerability of security-critical software applications to malicious threats and anomalous events using an automated fault injection analysis approach are presented.

Improving Security Using Extensible Lightweight Static Analysis

TLDR
This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).

Testing C Programs for Buffer Overflow Vulnerabilities

TLDR
A testing technique instruments programs with code that keeps track of memory buffers and checks arguments to functions to determine whether they satisfy certain conditions; it warns, when the program is executed with "normal" test data, that a buffer overflow may occur.