Computer Science ›› 2023, Vol. 50 ›› Issue (4): 277-287.doi: 10.11896/jsjkx.220500092

• Information Security •

Research on PoC Refactoring of Third-party Library in Heterogeneous Environment

SONG Wenkai, YOU Wei, LIANG Bin, HUANG Jianjun, SHI Wenchang   

  1. School of Information, Renmin University of China, Beijing 100872, China
  • Received: 2022-05-11 Revised: 2022-10-23 Online: 2023-04-15 Published: 2023-04-06
  • About author: SONG Wenkai, born in 1995, postgraduate. His main research interests include software security analysis, etc.
    YOU Wei, born in 1988, Ph.D, associate professor. His main research interests include vulnerability mining, malicious program analysis and mobile security, etc.
  • Supported by:
    National Natural Science Foundation of China (62002361, U1836209).

Abstract: Vulnerabilities in third-party libraries are widely propagated to host applications (software that uses third-party libraries), and developers of host applications usually fail to fix these vulnerabilities in a timely manner, which easily leads to security problems. In order to explore the impact of third-party library vulnerabilities on host applications, it is particularly important to effectively verify whether the vulnerabilities propagated to the host application can still be triggered. The latest research applies taint analysis and symbolic execution to transform the PoC of a third-party library so that it is suitable for the host application. However, there are often differences between the test environment of the third-party library and the real environment of the host application (they are heterogeneous environments), so that the PoC transformed by the above method is still difficult to apply to the host application. To solve this problem, a method for PoC refactoring in heterogeneous environments is proposed, which can be divided into four steps. Firstly, we extract the execution traces in the third-party library test environment and the host application environment respectively when the original PoC is input. Secondly, we compare and analyze the two traces obtained in the first step to identify differences. Thirdly, we analyze the code at the difference points to identify the key variables that cause the differences. Finally, we locate the key fields in the PoC that can affect the state of the key variables; by mutating these key fields of the PoC, we try to modify the state of the key variables and align the divergent paths, guide the execution flow of the host application to reach the vulnerable code, and eventually complete the refactoring of the PoC. Experiments are carried out on 11 real-world PoCs, and the experimental results show that the proposed method can successfully verify the triggerability of the propagated vulnerability in the host application in a heterogeneous environment.
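The four-step loop described in the abstract, as an added toy model that is not the paper's own implementation: a constructed library harness and host application share a tiny header parser, the host adds validation the library harness lacks (the heterogeneous environment), and the loop diffs the two self-instrumented traces, looks up the key fields for the difference point, and mutates them until the host trace covers every library location. The parsers, field names, the `KEY_FIELDS_AT` table (a stand-in for the paper's code analysis at difference points, which this example does not implement) and the mutation strategy are all assumptions made for the example.

```python
"""Toy model of PoC refactoring across heterogeneous environments (constructed example)."""

# Constructed PoC: a dict of named header fields for a hypothetical image format.
ORIGINAL_POC = {"magic": b"IMG", "version": 1, "width": 8, "height": 8, "payload_len": 4096}
VULN_SITE = "lib:overflow_site"  # library location the refactored PoC must reach


def run(parser, poc):
    """Step 1: execute a parser on a PoC and return its trace (list of location labels).
    Stands in for emulator-based trace extraction; the toy parsers self-instrument."""
    trace = []
    parser(poc, trace.append)
    return trace


def lib_parse(poc, hit):
    """Library test harness: only validates the magic; payload_len reaches the toy bug."""
    hit("lib:parse_header")
    if poc["magic"] != b"IMG":
        hit("lib:bad_magic")
        return "rejected"
    hit("lib:read_dims")
    if poc["payload_len"] > 1024:
        hit(VULN_SITE)
        return "crash"
    hit("lib:ok")
    return "ok"


def host_parse(poc, hit):
    """Host application: extra validation before delegating to the library code."""
    hit("host:entry")
    if poc["version"] != 2:
        hit("host:unsupported_version")
        return "rejected"
    hit("host:check_dims")
    if poc["width"] * poc["height"] > 16:
        hit("host:dims_too_large")
        return "rejected"
    return lib_parse(poc, hit)


def align(lib_trace, host_trace):
    """Step 2: greedily match the library trace as a subsequence of the host trace.
    Returns (library locations reached, difference point or None when fully aligned).
    In this toy the difference point is the host location where execution ended
    after leaving the library path; the paper derives it from a full trace comparison."""
    matched = 0
    for loc in host_trace:
        if matched < len(lib_trace) and loc == lib_trace[matched]:
            matched += 1
    if matched == len(lib_trace):
        return matched, None
    return matched, host_trace[-1]


# Step 3 stand-in (assumption): the paper analyses code at each difference point to find
# the key variables and the PoC fields feeding them; here that result is a fixed table.
KEY_FIELDS_AT = {
    "host:unsupported_version": ["version"],
    "host:dims_too_large": ["width", "height"],
}


def candidate_values(field, current):
    """Mutation strategy for a key field (constructed): a few small integers."""
    if isinstance(current, int):
        return [v for v in (1, 2, 3, 4, 8, 16) if v != current]
    return []


def refactor_poc(poc, lib_env, host_env, max_rounds=8):
    """Step 4: mutate key fields until the host trace covers the whole library trace.
    Returns (refactored PoC or None, list of accepted (field, value, new_diff_point))."""
    lib_trace = run(lib_env, poc)
    if VULN_SITE not in lib_trace:
        raise ValueError("original PoC does not reach the vulnerable site in the library env")
    cur, history = dict(poc), []
    for _ in range(max_rounds):
        matched, diff_point = align(lib_trace, run(host_env, cur))
        if diff_point is None:
            return cur, history
        accepted = False
        for field in KEY_FIELDS_AT.get(diff_point, []):
            for value in candidate_values(field, cur[field]):
                trial = dict(cur, **{field: value})
                t_matched, t_diff = align(lib_trace, run(host_env, trial))
                # Accept a mutation that gets past the current difference point
                # without losing any library location already reached.
                if t_matched >= matched and t_diff != diff_point:
                    cur, accepted = trial, True
                    history.append((field, value, t_diff))
                    break
            if accepted:
                break
        if not accepted:
            break
    return None, history


if __name__ == "__main__":
    refactored, steps = refactor_poc(ORIGINAL_POC, lib_parse, host_parse)
    print("accepted mutations:", steps)
    print("host reaches vulnerable site:", VULN_SITE in run(host_parse, refactored))
```

Each accepted mutation records which difference point it moved past, so the history doubles as evidence of why the refactored PoC differs from the original; a `None` result means the loop hit a difference point with no known key field, which is where the paper's code analysis would have to supply one.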

Key words: PoC, Third-party library, Heterogeneous environments, Refactoring

CLC Number: TP311