Computer Science ›› 2023, Vol. 50 ›› Issue (4): 277-287.doi: 10.11896/jsjkx.220500092
• Information Security • Previous Articles Next Articles
SONG Wenkai, YOU Wei, LIANG Bin, HUANG Jianjun, SHI Wenchang
CLC Number:
[1]KOCH S.Evolution of open source software systems-a large-scale investigation[C]//International Conference on Open Source Systems.2005:148-153. [2]DESHPANDE A,RIEHLE D.The Total Growth of Open Source[C]//Open Source Development,Communities and Quality,IFIP 20th World Computer Congress,Working Group 2.3 on Open Source Software.Milano,Italy:OAI,2008. [3]2021 open source security and risk analysis (OSSRA)[EB/OL].https://www.synopsys.com/software-integrity/resources/analystreports/open-source-security-risk-analysis.html. [4]The GitHub Blog-Thank you for 100 million repositories[EB/OL].https://github.blog/2018-11-08-100m-repos/. [5]OpenHarmony[EB/OL].https://gitee.com/openharmony. [6]LwIP[EB/OL].http://savannah.nongnu.org/projects/lwip. [7]LwIP patch for CVE-2020-22284[EB/OL].https://savannah.nongnu.org/bugs/index.php?58554. [8]OpenHarmony patch for CVE-2020-22284[EB/OL].https://gitee.com/openharmony/third_party_lwip/commit/e53e0a6a4e2adf2fb75340cf4a06fc4cdbc2921d. [9]KIM S,WOO S,LEE H,et al.VUDDY:A Scalable Approachfor Vulnerable Code Clone Discovery[C]//2017 IEEE Sympo-sium on Security and Privacy(SP).IEEE,2017:595-614. [10]JANG J,AGRAWAL A,BRUMLEY D.ReDeBug:Finding Unpatched Code Clones in Entire OS Distributions[C]//2012 IEEE Symposium on Security and Privacy.IEEE,2012:48-61. [11]XIAO Y,CHEN B,YU C,et al.MVP:Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures[C]//CAPKUN S,ROESNER F.29th USENIX Security Symposium,USENIX Security 2020.USA:USENIX Association,2020:1165-1182. [12]DONG Y,GUO W,CHEN Y,et al.Towards the Detection of Inconsistencies in Public Security Vulnerability Reports[C]//28th USENIX Security Symposium,USENIX Security 2019.Santa Clara,CA,USA:USENIX Association,2019:869-885. [13]KWON S,WOO S,SEONG G,et al.OCTOPOCS:AutomaticVerification of Propagated Vulnerable Code Using Reformed Proofs of Concept[C]//51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks,DSN 2021.Taipei,Taiwan:IEEE,2021:174-185. [14]YOU W,ZONG P Y,CHEN K,et al.SemFuzz:Semantics-based Automatic Generation of Proof-of-Concept Exploits[C]//the 2017 ACM SIGSAC Conference.New York:Association for Computing Machinery,2017:2139-2154. [15]AVGERINOS T,CHA S K,REBERT A,et al.Automatic exploit generation[J].Commun.ACM,2014,57(2):74-84. [16]HU H,CHUA Z L,ADRIAN S,et al.Automatic Generation of Data-Oriented Exploits[C]//24th USENIX Security Sympo-sium,USENIX Security 15.Washington,D.C.,USA:USENIX Association,2015:177-192. [17]ALHUZALI A,ESHETE B,GJOMEMO R,et al.Chainsaw:Chained Automated Workflow-based Exploit Generation[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.Vienna,Austria:ACM,2016:641-652. [18]HUANG S,LU H,LEONG W,et al.CRAXweb:Automatic Web Application Testing and Attack Generation[C]//IEEE 7th International Conference on Software Security and Reliability,SERE 2013.Gaithersburg,MD,USA:IEEE,2013:208-217. [19]LUO L,ZENG Q,CAO C,et al.System Service Call-orientedSymbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation[C]//Procee-dings of the 15th Annual International Conference on Mobile Systems,Applications,and Services,MobiSys’17.Niagara Falls,NY,USA:ACM,2017:225-238. [20]BRUMLEY D,POOSANKAM P,SONG D X,et al.Automatic Patch-Based Exploit Generation is Possible:Techniques and Implications[C]//2008 IEEE Symposium on Security and Privacy (S&P 2008).Oakland,California,USA:IEEE Computer Society,2008:143-157. [21]STEPHENS N,GROSEN J,SALLS C,et al.Driller:Augmen-ting Fuzzing Through Selective Symbolic Execution[C]//Network and Distributed System Security Symposium.2016. [22]LU K,WALTER M T,PFAFF D,et al.Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying[C]//Network and Distributed System Security Symposium.2017. [23]WU W,CHEN Y,XU J,et al.FUZE:Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities[C]//27th USENIX Security Symposium,USENIX Security 2018.Baltimore,MD,USA:USENIX Association,2018:781-797. [24]WU W,CHEN Y,XING X,et al.KEPLER:Facilitating Con-trol-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities[C]//28th USENIX Security Symposium,USENIX Security 2019.Santa Clara,CA,USA:USENIX Association,2019:1187-1204. [25]YUN I,KAPIL D,KIM T.Automatic Techniques to Systematically Discover New Heap Exploitation Primitives[C]//29th USENIX Security Symposium,USENIX Security 2020.USA:USENIX Association,2020:1111-1128. [26]BABIC D,BUCUR S,CHEN Y,et al.FUDGE:fuzz driver ge-neration at scale[C]//Proceedings of the ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering,ESEC/SIGSOFT FSE 2019.Tallinn,Estonia:ACM,2019:975-985. [27]ISPOGLOU K K,AUSTIN D,MOHAN V,et al.FuzzGen:Automatic Fuzzer Generation[C]//29th USENIX Security Symposium,USENIX Security 2020.USA:USENIX Association,2020:2271-2287. [28]libfuzzer[EB/OL].https://llvm.org/docs/LibFuzzer.html. [29]LI Z,ZOU D,XU S,et al.VulPecker:an automated vulnerability detection system based on code similarity analysis[C]//Proceedings of the 32nd Annual Conference on Computer Security Applications,ACSAC 2016.Los Angeles,CA,USA:ACM,2016:201-213. [30]ZHEN L,ZOU D,XU S,et al.VulDeePecker:A Deep Learning-Based System for Vulnerability Detection[C]//Network and Distributed System Security Symposium.2018:2224-2236. [31]QEMU[EB/OL].https://www.qemu.org/. [32]ImageMagick[EB/OL].https://imagemagick.org/index.php. [33]Tree-sitter[EB/OL].https://github.com/tree-sitter/tree-sit-ter. [34]Addr2line[EB/OL].http://sourceware.org/binutils/docs/binutils/addr2line.html. |
[1] | GUO Ya-lin, LI Xiao-chen, REN Zhi-lei, JIANG He. Study on Effectiveness of Quality Objectives and Non-quality Objectives for Automated Software Refactoring [J]. Computer Science, 2022, 49(11): 55-64. |
[2] | MENG Fan-yi, WANG Ying, YU Hai, ZHU Zhi-liang. Refactoring of Complex Software Systems Research:PresentProblem and Prospect [J]. Computer Science, 2020, 47(12): 1-10. |
[3] | SHE Rong-rong, ZHANG Li-ping. Method for Identifying and Recommending Reconstructed Clones Based on Software Evolution History [J]. Computer Science, 2019, 46(8): 224-232. |
[4] | ZHANG Jing, LI Rui-xuan, TANG Jun-wei, HAN Hong-mu, GU Xi-wu. Collusion Behavior Detection Towards Android Third-party Libraries [J]. Computer Science, 2019, 46(5): 83-91. |
[5] | ZHANG Li-sheng, ZHANG Yue, LEI Da-jiang,. Feature Model Refactoring Method Based on Semantics [J]. Computer Science, 2019, 46(5): 135-142. |
[6] | ZHANG Qi-liang, ZHANG Yu and ZHOU Kun. CCodeExtractor:Automatic Approach of Function Extraction for C Programs [J]. Computer Science, 2017, 44(4): 16-20. |
[7] | WANG Fen, GU Nai-jie and HUANG Zeng-shi. Election Scheme Optimization of Redis Cluster Based on Bully Algorithm [J]. Computer Science, 2017, 44(10): 165-170. |
[8] | LIU Ying, ZHANG Ming-hui, YANG Wei, LU Zhen-tai, FENG Qian-jin and SU Yu-sheng. Hippocampus Segmentation Based on Spare Coding and Orientation-Scale Descriptor [J]. Computer Science, 2017, 44(1): 314-320. |
[9] | LIU Yang, LIU Qiu-rong and LIU Hui. Automated Detection of Extract Method Refactorings [J]. Computer Science, 2015, 42(12): 105-107. |
[10] | ZHANG Yang, ZHANG Dong-wen and QIU Jing. Automated Refactoring Framework for Java Locks [J]. Computer Science, 2015, 42(11): 84-89. |
[11] | LUO Guo-zhong,YIN Jian-ping and ZHU En. Super-resolution Image Reconstruction Based on Non-local POCS [J]. Computer Science, 2014, 41(8): 47-49. |
[12] | YIN Xing,ZHOU Jian-xiong and WANG Ming-zhe. Multi-epoch Analysis to Evolution Strategy of Enterprise Cloud Computing Application [J]. Computer Science, 2014, 41(6): 188-192. |
[13] | LONG Yong-hao,WANG Jia,CHEN Xiang-ping,LI Kai-yuan and OUYANG Chun-xia. Automatic Refactoring of TV Webpage for Optimizing Cost of Browsing [J]. Computer Science, 2014, 41(11): 128-131. |
[14] | . Computation Tree Logic CTL* Based on Possibility Measure and Possibilistic Bisimulation [J]. Computer Science, 2012, 39(10): 258-263. |
[15] | LI Bing-xiang,SHEN Li-wei,PENG Xin,ZHAO Wen-yun. Crosscutting Feature Analysis-based Automatic Software Architecture Refactoring Method [J]. Computer Science, 2010, 37(9): 141-146. |
|