AutoPaG: towards automated software patch generation with source code root cause identification and repair
作者: Xuxian Jiang , Li Xie , Bing Mao , Dongyan Xu , Zhiqiang Lin
关键词:
摘要: Software patch generation is a critical phase in the life-cycle of software vulnerability. The longer it takes to generate patch, higher risk vulnerable system needs take avoid from being compromised. However, practice, rather lengthy process and release patches. For example, analysis on 10 recent Microsoft patches (MS06-045 MS06-054) shows that, for an identified vulnerability, took 75 days average patch.In this paper, we present design, implementation, evaluation AutoPaG, that aims at reducing time needed generation. In our current work, mainly focus common serious type vulnerability: out-of-bound vulnerability which includes buffer overflows general boundary condition errors. Given working exploit may be previously unknown, AutoPaG able catch fly violation, then, based data flow analysis, automatically analyzes program source code identifies root cause - source-level statements. Furthermore, within seconds, generates fine-grained temporarily fix without any human intervention. We have built proof-of-concept Linux preliminary results are promising: successfully identify seconds every test Wilander's overflow benchmark test-suite. addition, with number real-world exploits also demonstrates its effectiveness practicality identifying (vulnerable) causes generating corresponding
acm.org
sci-hub.se 参考文章(36)
Brad Karp, Hyang-Ah Kim, Autograph: toward automated, distributed worm signature detection usenix security symposium. pp. 19- 19 ,(2004)
G. Portokalidis, H.J. Bos, J.M. Slowinska, Argos: an Emulator for Fingerprinting Zero-Day Attacks ,(2006)
Tzi-cker Chiueh, Alexey Smirnov, DIRA: Automatic Detection, Identification and Repair of Control-Hijacking Attacks. network and distributed system security symposium. ,(2005)
Paul H. J. Kelly, Richard W. M. Jones, Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs Proceedings of the 3rd International Workshop on Automatic Debugging; 1997 (AADEBUG-97). pp. 13- 26 ,(1997)
Michael E. Locasto, Angelos D. Keromytis, Stelios Sidiroglou, Stephen W. Boyd, Building a reactive immune system for software services usenix annual technical conference. pp. 11- 11 ,(2005) , 10.7916/D86D6562
Martin Rinard, Cristian Cadar, William S. Beebee, Daniel M. Roy, Tudor Leu, Daniel Dumitran, Enhancing server availability and security through failure-oblivious computing operating systems design and implementation. pp. 21- 21 ,(2004)
Monica S. Lam, Olatunji Ruwase, A practical dynamic buffer overflow detector network and distributed system security symposium. pp. 159- 169 ,(2004)
Daniel C. DuVarney, Sandeep Bhatkar, R. Sekar, Address obfuscation: an efficient approach to combat a board range of memory error exploits usenix security symposium. pp. 8- 8 ,(2003)
Eugene J. Rollins, Daniel Jackson, Chopping: A Generalization of Slicing Carnegie Mellon University. ,(1994)
Mariam Kamkar, John Wilander, A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention network and distributed system security symposium. pp. 149- ,(2003)