HOME > Detail View

Detail View

Software vulnerability discovery using code clone verification

Software vulnerability discovery using code clone verification

Material type
학위논문
Personal Author
李宏哲
Title Statement
Software vulnerability discovery using code clone verification / Hongzhe Li
Publication, Distribution, etc
Seoul :   Graduate School, Korea University,   2017  
Physical Medium
v, 54장 : 도표 ; 26 cm
기타형태 저록
Software Vulnerability Discovery using Code Clone Verification   (DCOLL211009)000000071582  
학위논문주기
학위논문(박사)-- 고려대학교 대학원: 컴퓨터·전파통신공학과, 2017. 2
학과코드
0510   6YD36   318  
General Note
지도교수: 李喜造  
Bibliography, Etc. Note
참고문헌: 장 50-54
이용가능한 다른형태자료
PDF 파일로도 이용가능;   Requires PDF file reader(application/pdf)  
비통제주제어
Software Vulnerability , Code Clone , Concolic Testing , Vulnerability Verification,,
000 00000nam c2200205 c 4500
001 000045897597
005 20170329135050
007 ta
008 161226s2017 ulkd bmAC 000c eng
040 ▼a 211009 ▼c 211009 ▼d 211009
085 0 ▼a 0510 ▼2 KDCP
090 ▼a 0510 ▼b 6YD36 ▼c 318
100 1 ▼a 李宏哲
245 1 0 ▼a Software vulnerability discovery using code clone verification / ▼d Hongzhe Li
260 ▼a Seoul : ▼b Graduate School, Korea University, ▼c 2017
300 ▼a v, 54장 : ▼b 도표 ; ▼c 26 cm
500 ▼a 지도교수: 李喜造
502 1 ▼a 학위논문(박사)-- ▼b 고려대학교 대학원: ▼c 컴퓨터·전파통신공학과, ▼d 2017. 2
504 ▼a 참고문헌: 장 50-54
530 ▼a PDF 파일로도 이용가능; ▼c Requires PDF file reader(application/pdf)
653 ▼a Software Vulnerability ▼a Code Clone ▼a Concolic Testing ▼a Vulnerability Verification
776 0 ▼t Software Vulnerability Discovery using Code Clone Verification ▼w (DCOLL211009)000000071582
900 1 0 ▼a Li, Hongzhe, ▼e
900 1 0 ▼a 李宏哲
900 1 0 ▼a 이희조 ▼g 李喜造, ▼e 지도교수
945 ▼a KLPA

Electronic Information

No. Title Service
1
Software vulnerability discovery using code clone verification (38회 열람)
View PDF Abstract Table of Contents

Holdings Information

No. Location Call Number Accession No. Availability Due Date Make a Reservation Service
No. 1 Location Science & Engineering Library/Stacks(Thesis)/ Call Number 0510 6YD36 318 Accession No. 123055705 Availability Available Due Date Make a Reservation Service B M

Contents information

Abstract

  Software vulnerability has long been considered an important threat to the system safety and its growth rate is increasing rapidly on yearly basis.
In theory, detecting and removing vulnerabilities before the code gets ever deployed can greatly ensure the quality of software released. However, due to the enormous amount of code being developed as well as the lack of human resource and expertise, severe vulnerabilities still remain concealed or cannot be revealed effectively. 
  Current source code auditing approaches for vulnerability discovery either generate too many false positives or require overwhelming manual efforts to report actual software flaws. While dynamic execution analysis methods can precisely report vulnerabilities, they are ineffective in path exploration, which limits them to scale to large programs. With the purpose of detecting vulnerability in a scalable and automated way with more preciseness, in this paper, we propose a novel mechanism, called software vulnerability discovery using Code Clone Verification (CLORIFI), which scalably discovers vulnerabilities in real world programs using code clone verification.
  CLORIFI uses a fast and scalable syntax-based way to find code clones as vulnerability candidates in program source codes based on released security patches. Subsequently, program source code is being instrumented by the leverage of CIL for vulnerability verification. Finally, code clones are being verified using concolic testing to verify and report the existence of an actual vulnerability. Experiments have been conducted with real-world open-source projects (recent Linux OS distributions and program packages). As a result, we found 7 real vulnerabilities out of 63 code clones from Ubuntu 14.04 LTS (Canonical, London, UK) and 10 vulnerabilities out of 40 code clones from CentOS 7.0 (The CentOS Project (community contributed)). Besides, we performed experiments with nearly 4000 test cases from Juliet Test Suite. The results show that our system can verify over 90% of test cases and it reports buffer overflow flaws with Precision = 100% (0 FP) and Recall = 94.91 %.  In addition, the experiments with other types of vulnerability test cases in Juliet Test Suite indicates the extendability of the mechanism to cover more types of vulnerabilities.

Table of Contents

1. Introduction
1.1 Motivation
1.2 Contributions
1.3 Dissertation Overview
2. Related Work
2.1 Static Code Auditing
2.2 Dynamic Execution
2.3 Symbolic and Concolic Execution
3. The Mechanism: CLORIFI
3.1 Finding Code Clones
3.2 Automated Instrumentation
3.2.1 Code Transformation(CIL)
3.2.2 Identification of Security Sinks and Sensitive Variables
3.2.3 Backward Data Tracing
3.2.4 Instrumentation of Source Code
3.3 Code Clone Verification using Concolic Testing
4. Evaluation Results
4.1 Experiemental Setup and Implementation
4.1.1 Environment
4.1.2 Dataset
4.2 Experimental Results
4.2.1 Detection results of different source pools (SP1 to SP6)
4.2.2 Comparison with conventional concolic testing
4.3 Evaluation of Vulnerability Verification
4.4 Extendabiltiy of the mechanism
5. Discussion
5.1 Threats to validity
5.2 False positive and false negative insights
5.3 Future research directions
6. Conclusion

New Arrivals Books in Related Fields