1dVul: Discovering 1-Day Vulnerabilities through Binary Patches

Peng, Jiaqi; Li, Feng; Liu, Bingchang; Xu, Lili; Liu, Bing-Hong; Chen, Kai; Huo, Wei

doi:10.1109/dsn.2019.00066

Cited by 19 publications

(30 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use precision, recall, F-1 score, and accuracy to measure the accuracy of P1OVD. The four evaluation metrics are defined in Equation (1). P1OVD first generates signatures based on O0 optimization and x86_64 architecture and then scans the target binaries with the signatures.…”

Section: Accuracymentioning

confidence: 99%

See 1 more Smart Citation

P1OVD: Patch-Based 1-Day Out-of-Bounds Vulnerabilities Detection Tool for Downstream Binaries

Zhu

et al. 2022

Electronics

View full text Add to dashboard Cite

In the past decades, due to the popularity of cloning open-source software, 1-day vulnerabilities are prevalent among cyber-physical devices. Detection tools for 1-day vulnerabilities effectively protect users who fail to adopt 1-day vulnerability patches in time. However, manufacturers can non-standardly build the binaries from customized source codes to multiple architectures. The code variants in the downstream binaries decrease the accuracy of 1-day vulnerability detections, especially when signatures of out-of-bounds vulnerabilities contain incomplete information of vulnerabilities and patches. Motivated by the above observations, in this paper, we propose P1OVD, an effective patch-based 1-day out-of-bounds vulnerability detection tool for downstream binaries. P1OVD first generates signatures containing patch information and vulnerability root cause information. Then, P1OVD uses an accurate and robust matching algorithm to scan target binaries. We have evaluated P1OVD on 104 different versions of 30 out-of-bounds vulnerable functions and 620 target binaries in six different compilation environments. The results show that P1OVD achieved an accuracy of 83.06%. Compared to the widely used patch-level vulnerability detection tool ReDeBug, P1OVD ignores 4.07 unnecessary lines on average. The experiments on the x86_64 platform and the O0 optimization show that P1OVD increases the accuracy of the state-of-the-art tool, BinXray, by 8.74%. Besides, it can analyze a single binary in 4 s after a 20-s offline signature extraction on average.

show abstract

Section: Accuracymentioning

confidence: 99%

“…Vulnerabilities acknowledged by vendors are called 1-day vulnerabilities and are often fixed by upstream software developers using security patches [1]. In the past decades, 1-day vulnerabilities are widely spread among cyber-physical devices due to the popularity of open-source software cloning [2].…”

Section: Introductionmentioning

confidence: 99%

P1OVD: Patch-Based 1-Day Out-of-Bounds Vulnerabilities Detection Tool for Downstream Binaries

Zhu

et al. 2022

Electronics

View full text Add to dashboard Cite

show abstract

“…Digfuzz [21] proposed a probabilistic path prioritization model to estimate the probability of exercising each path and prioritized them for concolic execution. Peng et al [22] leveraged a distance-based directed fuzzing and a dominator-based directed symbolic execution mechanism to discover 1-day vulnerabilities in binary patches. SAVIOR [23] prioritized the concolic execution of the seeds which can uncover more vulnerabilities.…”

Section: Seed Mutationmentioning

confidence: 99%

StFuzzer: Contribution-Aware Coverage-Guided Fuzzing for Smart Devices

Yang¹,

Xin-guo²,

Lu³

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

The root cause of the insecurity for smart devices is the potential vulnerabilities in smart devices. There are many approaches to find the potential bugs in smart devices. Fuzzing is the most effective vulnerability finding technique, especially the coverage-guided fuzzing. The coverage-guided fuzzing identifies the high-quality seeds according to the corresponding code coverage triggered by these seeds. Existing coverage-guided fuzzers consider that the higher the code coverage of seeds, the greater the probability of triggering potential bugs. However, in real-world applications running on smart devices or the operation system of the smart device, the logic of these programs is very complex. Basic blocks of these programs play a different role in the process of application exploration. This observation is ignored by existing seed selection strategies, which reduces the efficiency of bug discovery on smart devices. In this paper, we propose a contribution-aware coverage-guided fuzzing, which estimates the contributions of basic blocks for the process of smart device exploration. According to the control flow of the target on any smart device and the runtime information during the fuzzing process, we propose the static contribution of a basic block and the dynamic contribution built on the execution frequency of each block. The contribution-aware optimization approach does not require any prior knowledge of the target device, which ensures our optimization adapting gray-box fuzzing and white-box fuzzing. We designed and implemented a contribution-aware coverage-guided fuzzer for smart devices, called StFuzzer. We evaluated StFuzzer on four real-world applications that are often applied on smart devices to demonstrate the efficiency of our contribution-aware optimization. The result of our trials shows that the contribution-aware approach significantly improves the capability of bug discovery and obtains better execution speed than state-of-the-art fuzzers.

show abstract

“…A new approach to boost the efficacy of a directed testinput generation was proposed by 1dVul [100]. It utilizes "a distance-based directed fuzzing", and "dominator-based directed SE" systems [100]. Using binary patches, 1dVul detects one-day software vulnerabilities.…”

Section: ) Mutation-based Hybrid Fuzzersmentioning

confidence: 99%

“…MEUZZ [96] KLUZZER [84] LibKluzzer [86] Map2Check [88] KleeFL [90] Berry [98] BugMiner [146] DrillerGo [99] 1dVul [100] FFUZ [101] Breacher [108] S2F [136] Angora [120] Pangolin [139] Driller [6] DeepFuzz [135] Zhang et. al.…”

Section: Hfs In Various Areasmentioning

confidence: 99%

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Rustamov

Kim

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Recently, software testing has become a significant component of information security. The most reliable technique for automated software testing is a fuzzing tool that feeds programs with random test-input and detects software vulnerabilities that are critical to security. Similarly, symbolic execution has gained the most attention as an efficient testing tool for producing smart test-inputs and discovering hardto-reach bugs using search-based heuristics and compositional approaches. The combination of fuzzing and symbolic execution makes software testing more efficient by mitigating the limitations in each other. Although several studies have been conducted on hybrid fuzzing in recent years, a comprehensive and consistent review of hybrid fuzzing techniques has not been explored. To add coherence to the extensive literature on hybrid fuzzing and to make it reach a large audience, this study provides an overview of key concepts along with the taxonomy of existing hybrid fuzzing tools, problems, and solutions that have been developed in this sphere. It also includes evaluations of the proposed approaches and a number of suggestions for the development of hybrid fuzzing in the future.

show abstract

1dVul: Discovering 1-Day Vulnerabilities through Binary Patches

Cited by 19 publications

References 19 publications

P1OVD: Patch-Based 1-Day Out-of-Bounds Vulnerabilities Detection Tool for Downstream Binaries

P1OVD: Patch-Based 1-Day Out-of-Bounds Vulnerabilities Detection Tool for Downstream Binaries

StFuzzer: Contribution-Aware Coverage-Guided Fuzzing for Smart Devices

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Contact Info

Product

Resources

About