PS3: Precise patch presence test based on semantic symbolic signature

Author

Qi ZHAN
Xing HU
Zhiyang LI
Xin XIA
David LO, Singapore Management UniversityFollow
Shanping LI

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

4-2024

Abstract

During software development, vulnerabilities have posed a significant threat to users. Patches are the most effective way to combat vulnerabilities. In a large-scale software system, testing the presence of a security patch in every affected binary is crucial to ensure system security. Identifying whether a binary has been patched for a known vulnerability is challenging, as there may only be small differences between patched and vulnerable versions. Existing approaches mainly focus on detecting patches that are compiled in the same compiler options. However, it is common for developers to compile programs with very different compiler options in different situations, which causes inaccuracy for existing methods. In this paper, we propose a new approach named PS3, referring to precise patch presence test based on semantic-level symbolic signature. PS3 exploits symbolic emulation to extract signatures that are stable under different compiler options. Then PS3 can precisely test the presence of the patch by comparing the signatures between the reference and the target at semantic level.To evaluate the effectiveness of our approach, we constructed a dataset consisting of 3,631 (CVE, binary) pairs of 62 recent CVEs in four C/C++ projects. The experimental results show that PS3 achieves scores of 0.82, 0.97, and 0.89 in terms of precision, recall, and F1 score, respectively. PS3 outperforms the state-of-the-art baselines by improving 33% in terms of F1 score and remains stable in different compiler options.

Keywords

Patch presence test, Binary analysis, Software security

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Lisbon, Portugal, April 14-20

First Page

1

Last Page

12

ISBN

9798400702174

Identifier

10.1145/3597503.3639134

Publisher

ACM

City or Country

New York

Citation

ZHAN, Qi; HU, Xing; LI, Zhiyang; XIA, Xin; LO, David; and LI, Shanping. PS3: Precise patch presence test based on semantic symbolic signature. (2024). ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Lisbon, Portugal, April 14-20. 1-12.
Available at: https://ink.library.smu.edu.sg/sis_research/9251

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3597503.3639134