Paper Info
Title
Extracting Conditional Formulas for Cross-Platform Bug Search.
Abstract
With the recent increase in security breaches in embedded systems and IoT devices, it becomes increasingly important to search for vulnerabilities directly in binary executables in a cross-platform setting. However, very little has been explored in this domain. The existing efforts are prone to producing considerable false positives, and their results cannot provide explainable evidence for human analysts to eliminate these false positives. In this paper, we propose to extract conditional formulas as higher-level semantic features from the raw binary code to conduct the code search. A conditional formula explicitly captures two cardinal factors of a bug: 1) erroneous data dependencies and 2) missing or invalid condition checks. As a result, binary code search on conditional formulas produces significantly higher accuracy and provide meaningful evidence for human analysts to further examine the search results. We have implemented a prototype, XMATCH, and evaluated it using well-known software, including OpenSSL and BusyBox. Experimental results have shown that XMATCH outperforms the existing bug search techniques in terms of accuracy. Moreover, by evaluating 5 recent vulnerabilities, XMATCH provides clear evidence for human analysts to determine if a matched candidate is indeed vulnerable or has been patched.
Year
DOI
Venue
2017
10.1145/3052973.3052995
AsiaCCS
Keywords
Field
DocType
Vulnerability Search, Binary Analysis, Firmware Security
Data mining,Computer security,Computer science,Binary code,Internet of Things,Software,Cross-platform,Executable,Binary number,False positive paradox,Bug Search
Conference
Citations 
PageRank 
References 
4
0.41
28
Authors
6
Name
Order
Citations
PageRank
Qian Feng11515.54
Minghua Wang26415.40
Mu Zhang326211.24
Rundong Zhou4823.62
Andrew Henderson5463.16
Heng Yin62153111.33