EnBinDiff: Identifying data-only patches for binaries

Authors: Jian Lin, Dingding Wang, Rui Chang, Lei Wu, Yajin Zhou

Abstract: In this article, we focus on data-only patches, a specific type of security patches not incurring any structural changes. As one of the most significant causes leading to false negatives, data-only patches become a fundamental problem that affects all state-of-the-art binary diffing approaches/tools. To this end, we first systematically study data-only patches, and thoroughly illustrate the essence and adverse effect on existing tools. Based on the observations, we further propose and implement a system named EnBinDiff based on Value Set Analysis (VSA) to effectively identify data-only patches. Specifically, EnBinDiff first precisely identifies functions from binaries, and then efficiently locates all “matched” function pairs based on structural binary diffing. After that, EnBinDiff performs data-only patch analysis, including stack frame matching and constant value matching, to identify data-only patches from the matched …
