What is it about?
Insecure code reuse can lead to significant security risks. We introduce LibAM, a novel Area Matching framework that connects isolated functions into function areas on FCG to accurately detect target software reuse code and associate 1-day vulnerabilities.
Featured Image
Photo by Alexander Sinn on Unsplash
Why is it important?
Due to code reuse, vulnerabilities in one software can be propagated to many software. A recent report from Synopsys indicates that a staggering 97% of audited software incorporates at least one TPL and 81% contain at least one known security vulnerability. The actual impact scope of known vulnerabilities due to code reuse often extends far beyond what is reported in the CVE [11] or NVD [ 12] databases. The Heart Bleed vulnerability and the log4j vulnerability are both due to a vulnerability in reused code, resulting in countless software and servers being hacked.
Perspectives
We find that if one function is reused, its callee functions are also reused. Therefore, diferent from existing works that rely on function granularity matching, we leverage the function call relationships to connect isolated functions into areas on FCG and compare the similarity of these areas rather than single functions to judge reuse.
Siyuan Li
University of the Chinese Academy of Sciences
Read the Original
This page is a summary of: LibAM: An Area Matching Framework for Detecting Third-party Libraries in Binaries, ACM Transactions on Software Engineering and Methodology, September 2023, ACM (Association for Computing Machinery),
DOI: 10.1145/3625294.
You can read the full text:
Contributors
The following have contributed to this page
