What is it about?
Insecure code reuse can lead to significant security risks. We introduce LibAM, a novel Area Matching framework that connects isolated functions into function areas on FCG to accurately detect target software reuse code and associate 1-day vulnerabilities.
Featured Image
Photo by Alexander Sinn on Unsplash
Why is it important?
Due to code reuse, vulnerabilities in one software can be propagated to many software. A recent report from Synopsys indicates that a staggering 97% of audited software incorporates at least one TPL and 81% contain at least one known security vulnerability. The actual impact scope of known vulnerabilities due to code reuse often extends far beyond what is reported in the CVE [11] or NVD [ 12] databases. The Heart Bleed vulnerability and the log4j vulnerability are both due to a vulnerability in reused code, resulting in countless software and servers being hacked.
Perspectives
Read the Original
This page is a summary of: LibAM: An Area Matching Framework for Detecting Third-party Libraries in Binaries, ACM Transactions on Software Engineering and Methodology, September 2023, ACM (Association for Computing Machinery),
DOI: 10.1145/3625294.
You can read the full text:
Contributors
The following have contributed to this page