Patch presence test is critical in software security to ensure that binary files have been patched for known vulnerabilities. It is challenging due to the semantic gap between the source code and the binary, and the small and subtle nature of patches. In this paper, we propose REACT, the first patch presence test approach on IR-level. Based on the IR code compiled from the source code and the IR code lifted from the binary, we first extract four types of feature (return value, condition, function call, and memory store) by executing the program symbolically. Then, we refine the features of the source code and rank them. Finally, we match them with the features of the target to determine the presence of a patch with an SMT solver to check the equivalence of features at the semantic level.
To evaluate our approach, we compare it with state-of-the-art approaches, BinXray and PS3, on a dataset containing binaries compiled from different compilers and optimization levels. Our experimental results show that REACT achieves scores of 0.88, 0.98, and 0.93, in terms of precision, recall, and F1 score, respectively. REACT outperforms the baselines by 39% and 12% in terms of the F1 score, while the pure testing speed of our approach is 2x faster than BinXray and 100x faster than PS3. Furthermore, we conduct an ablation study to evaluate the effectiveness of each component in REACT, which shows that SMT solver and refinement can contribute to 16% and 10% improvement in terms of the F1 score, respectively.
Tue 29 OctDisplayed time zone: Pacific Time (US & Canada) change
10:30 - 12:00 | Vulnerability and security1Research Papers / Tool Demonstrations at Gardenia Chair(s): Curtis Atkisson UW | ||
10:30 15mTalk | REACT: IR-Level Patch Presence Test for Binary Research Papers Qi Zhan Zhejiang University, Xing Hu Zhejiang University, Xin Xia Huawei, Shanping Li Zhejiang University | ||
10:45 15mTalk | Snopy: Bridging Sample Denoising with Causal Graph Learning for Effective Vulnerability Detection Research Papers Sicong Cao Yangzhou University, Xiaobing Sun Yangzhou University, Xiaoxue Wu Yangzhou University, David Lo Singapore Management University, Lili Bo Yangzhou University, Bin Li Yangzhou University, Xiaolei Liu China Academy of Engineering Physics, Xingwei Lin Zhejiang University, Wei Liu Nanjing University Media Attached | ||
11:00 15mTalk | Unveiling the Characteristics and Impact of Security Patch Evolution Research Papers Zifan Xie Huazhong University of Science and Technology, Ming Wen Huazhong University of Science and Technology, Zichao Wei Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology Media Attached | ||
11:15 15mTalk | Compositional Security Analysis of Dynamic Component-based Systems Research Papers | ||
11:30 15mTalk | Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities Research Papers Susheng Wu Fudan University, Ruisi Wang Fudan University, Kaifeng Huang Tongji University, Yiheng Cao Fudan University, Wenyan Song Fudan University, Zhuotong Zhou Fudan University, China, Yiheng Huang Fudan University, Bihuan Chen Fudan University, Xin Peng Fudan University Media Attached | ||
11:45 10mTalk | VulZoo: A Comprehensive Vulnerability Intelligence Dataset Tool Demonstrations Bonan Ruan National University of Singapore, Jiahao Liu National University of Singapore, Weibo Zhao National University of Singapore, Zhenkai Liang National University of Singapore | ||