Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

9-2017

Abstract

Vulnerability becomes a major threat to the security of many systems. Attackers can steal private information and perform harmful actions by exploiting unpatched vulnerabilities. Vulnerabilities often remain undetected for a long time as they may not affect typical systems’ functionalities. Furthermore, it is often difficult for a developer to fix a vulnerability correctly if he/she is not a security expert. To assist developers to deal with multiple types of vulnerabilities, we propose a new tool, called VuRLE, for automatic detection and repair of vulnerabilities. VuRLE (1) learns transformative edits and their contexts (i.e., code characterizing edit locations) from examples of vulnerable codes and their corresponding repaired codes; (2) clusters similar transformative edits; (3) extracts edit patterns and context patterns to create several repair templates for each cluster. VuRLE uses the context patterns to detect vulnerabilities, and customizes the corresponding edit patterns to repair them. We evaluate VuRLE on 279 vulnerabilities from 48 real-world applications. Under 10-fold cross validation, we compare VuRLE with another automatic repair tool, LASE. Our experiment shows that VuRLE successfully detects 183 out of 279 vulnerabilities, and repairs 101 of them, while LASE can only detect 58 vulnerabilities and repair 21 of them.

Keywords

Automated Template Generation, Vulnerability Detection, Automated Program Repair

Discipline

Databases and Information Systems | Information Security

Research Areas

Cybersecurity

Publication

Computer security ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15: Proceedings

Volume

10493

First Page

229

Last Page

246

ISBN

9783319663982

Identifier

10.1007/978-3-319-66399-9_13

Publisher

Springer

City or Country

Cham

Additional URL

https://doi.org/10.1007/978-3-319-66399-9_13

Download

Share

COinS