ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Fri 19 Apr 2024 16:15 - 16:30 at Eugénio de Andrade - Static Detection Techniques Chair(s): Valentina Lenarduzzi

Cellular network is the infrastructure of mobile communication. Baseband firmware, which carries the implementation of cellular network, has critical security impact on its vulnerabilities. To handle the inherent complexity in cellular communication, cellular protocols are usually implemented as message-centric systems, containing the common message processing phase and message specific handling phase. Though the latter takes most of the code (99.67%) and exposed vulnerabilities (74%), it is rather under-studied: existing detectors either cannot sufficiently analyze it or focused on analyzing the former phase.

To fill this gap, we proposed a novel semantic-enhanced static vulnerability detector named BVFINDER focusing on message specific phase vulnerability detection. Generally, it identifies a vulnerability by locating whether a predefined sensitive memory operation is tainted by any attacker-controllable input. Specifically, to reach high automation and preciseness, it made two key improvements: a semantic-based taint source identification and an enhanced taint propagation. The former semantically searches the registers and memory offsets carrying the attacker-controllable inputs by matching the message and data type they belong to based on the textual features and addressing patterns inside the assemblies, while the latter guarantees effective taint propagation by applying additional indirect call resolution algorithms. The evaluation shows that BVFINDER outperforms the state-of-the-art detectors by detecting three to four times of amount of vulnerabilities in the dataset. Till now, BVFINDER has found four zero-day vulnerabilities, with four CVEs and 12,410 USD bounty assigned. These vulnerabilities can potentially cause remote code execution to phones using Samsung shannon baseband, affecting hundreds of millions of end devices.

Fri 19 Apr

Displayed time zone: Lisbon change

16:00 - 17:30
Static Detection TechniquesSoftware Engineering in Practice / Research Track at Eugénio de Andrade
Chair(s): Valentina Lenarduzzi University of Oulu
16:00
15m
Talk
MalwareTotal: Multi-Faceted and Sequence-Aware Bypass Tactics against Static Malware Detection
Research Track
Shuai He Huazhong University of Science and Technology, Cai Fu Huazhong University of Science and Technology, Hong Hu Pennsylvania State University, Jiahe Chen Huazhong University of Science and Technology, Jianqiang Lv Huazhong University of Science and Technology, Shuai Jiang Huazhong University of Science and Technology
Link to publication
16:15
15m
Talk
Semantic-Enhanced Static Vulnerability Detection in Baseband FirmwareACM SIGSOFT Distinguished Paper Award
Research Track
Yiming Liu Institute of Information Engineering, Chinese Academy of Sciences, Cen Zhang Nanyang Technological University, Feng Li Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China, Yeting Li Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Jianhua Zhou Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China, Jian Wang Institute of Information Engineering, Chinese Academy of Sciences, Lanlan Zhan Institute of Information Engineering, Chinese Academy of Sciences, Yang Liu Nanyang Technological University, Wei Huo Institute of Information Engineering at Chinese Academy of Sciences
16:30
15m
Talk
CSChecker: Revisiting GDPR and CCPA Compliance of Cookie Banners on the Web
Research Track
Mingxue Zhang Zhejiang University, Wei Meng Chinese University of Hong Kong, You Zhou Zhejiang University, Kui Ren Zhejiang University
16:45
15m
Talk
Raisin: Identifying Rare Sensitive Functions for Bug Detection
Research Track
Jianjun Huang Renmin University of China, Jianglei Nie Renmin University of China, Yuanjun Gong Renmin University of China, Wei You Renmin University of China, Bin Liang Renmin University of China, China, Pan Bian Huawei Technologies CO., LTD., China
17:00
15m
Talk
Broadly Enabling KLEE to Effortlessly Find Unrecoverable Errors in Rust
Software Engineering in Practice
Ying Zhang Virginia Tech, Peng Li Zoox, Yu Ding Google, Wang Lingxiang Microsoft, Dan Williams Virginia Tech, Na Meng Virginia Tech
Pre-print
17:15
15m
Talk
Inference for Ever-Changing Policy of Taint Analysis
Software Engineering in Practice
Wen-Hao Chiang Amazon Web Services, Peixuan Li Amazon Web Services, Qiang Zhou Amazon Web Services, Subarno Banerjee Amazon Web Services, Martin Schäf Amazon Web Services, Yingjun Lyu Amazon Web Services, Hoan Nguyen Amazon Web Services, Omer Tripp Amazon Web Services