Osprey: A fast and accurate patch presence test framework for binaries

Sun, Peiyuan; Yan, Qiben; Zhou, Haoyi; Li, Jianxin

doi:10.1016/j.comcom.2021.03.011

Cited by 11 publications

(12 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…PS 3 can work with various architectures, since we can access the source code and compile it into the corresponding binaries. Angr is an open source binary program analysis framework in Python and has been used extensively in binary analysis [8,17,22], as well as patch presence test [23,33,37]. We use Z3 [15] to simplify the expression and calculation of the stack address offset to ensure that the memory mapping is more precise.…”

Section: Methodsmentioning

confidence: 99%

“…The four projects involved cryptographic protocols, video processing, packet and xml analyzer. They are widely used in studies on vulnerability matching and patch presence testing [33,36]. We only consider these four popular C/C++ projects in our experiments, although the method we proposed is general for compiled language.…”

Section: Datasetmentioning

confidence: 99%

“…Similarity-based approaches [23,35,36] extract information from reference binaries, then measure similarity to the target binary and decide the presence of patches based on similarity between two reference to target. Signature-based approaches [33,37] extract signatures from modification and attempt to verify their existence in the target. Both the two types of approach rely heavily on syntactic information.…”

Section: Introductionmentioning

confidence: 99%

“…Many works have been proposed [23,33,[35][36][37] to automate patch presence test. These approaches can be divided into two groups: similarity-based and signature-based.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

PS3: Precise Patch Presence Test based on Semantic Symbolic Signature

Zhan,

Hu,

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

During software development, vulnerabilities have posed a significant threat to users. Patches are the most effective way to combat vulnerabilities. In a large-scale software system, testing the presence of a security patch in every affected binary is crucial to ensure system security. Identifying whether a binary has been patched for a known vulnerability is challenging, as there may only be small differences between patched and vulnerable versions. Existing approaches mainly focus on detecting patches that are compiled in the same compiler options. However, it is common for developers to compile programs with very different compiler options in different situations, which causes inaccuracy for existing methods. In this paper, we propose a new approach named PS 3 , referring to precise patch presence test based on semantic-level symbolic signature. PS 3 exploits symbolic emulation to extract signatures that are stable under different compiler options. Then PS 3 can precisely test the presence of the patch by comparing the signatures between the reference and the target at semantic level.To evaluate the effectiveness of our approach, we constructed a dataset consisting of 3,631 (CVE, binary) pairs of 62 recent CVEs in four C/C++ projects. The experimental results show that PS 3 achieves scores of 0.82, 0.97, and 0.89 in terms of precision, recall, and F1 score, respectively. PS 3 outperforms the state-of-the-art baselines by improving 33% in terms of F1 score and remains stable in different compiler options.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Datasetmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…Many works have been proposed [23,33,[35][36][37] to automate patch presence test. These approaches can be divided into two groups: similarity-based and signature-based.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

PS3: Precise Patch Presence Test based on Semantic Symbolic Signature

Zhan,

Hu,

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

show abstract

“…Additionally, many studies aim to better identify the causes of security vulnerabilities in binary. [17], [18] enabled finding similar patches or vulnerabilities in different binaries by identifying code portions changed by a binary patch through basic block analysis. [19] detected software vulnerabilities in the binary codes of patched and unpatched programs using the patch diffing technology.…”

Section: Binary Patchmentioning

confidence: 99%

Effective Memory Diversification in Legacy Systems

Yun

Jang

2023

Int. j. electr. comput. eng. syst. (Online)

View full text Add to dashboard Cite

Memory corruption error is one of the critical security attack vectors against a wide range of software. Addressing this problem, modern compilers provide multiple features to fortify the software against such errors. However, applying compiler-based memory defense is problematic in legacy systems we often encounter in industry or military environments because source codes are unavailable. In this study, we propose memory diversification techniques tailored for legacy binaries to which we cannot apply state-of- the-art compiler-based solutions. The basic idea of our approach is to automatically patch the machine code instructions of each legacy system differently (e.g., a drone, or a vehicle firmware) without altering any semantic behavior of the software logic. As a result of our system, attackers must create a specific attack payload for each target by analyzing the particular firmware, thus significantly increasing exploit development time and cost. Our approach is evaluated by applying it to a stack and heap of multiple binaries, including PX4 drone firmware and other Linux utilities.

show abstract