Write a Blog >>
ISSTA 2020
Sat 18 - Wed 22 July 2020
Wed 22 Jul 2020 10:50 - 11:10 at Zoom - BINARY ANALYSIS Chair(s): Junaid Haroon Siddiqui

The binary-level function matching has been widely used to detect whether there are 1-day vulnerabilities in released programs.However, the high false positive is a challenge for current function matching solutions, since the vulnerable function is highly similar to its corresponding patched version.In this paper, the Binary X-Ray (BinXray), a patch based vulnerability matching approach, is proposed to identify the specific 1-day vulnerabilities in target programs accurately and effectively. In the preparing step, a basic block mapping algorithm is designed to extract the signature of a patch, by comparing the given vulnerable and patched programs. The signature is represented as a set of basic block traces. In the detection step, the patching semantics is applied to reduce irrelevant basic block traces to speed up the signature searching. The trace similarity is also designed to identify whether a target program is patched. In experiments, 12 real software projects related to 479 CVEs are collected. BinXray achieves 93.31% accuracy and the analysis speed is only 296.17ms per function, outperforming the state-of-the-art works.

Wed 22 Jul
Times are displayed in time zone: (GMT-07:00) Tijuana, Baja California change

10:50 - 11:50: BINARY ANALYSISTechnical Papers at Zoom
Chair(s): Junaid Haroon SiddiquiLahore University of Management Sciences

Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

10:50 - 11:10
Talk
Technical Papers
Yifei Xu, Zhengzi Xu, Bihuan ChenFudan University, Fu Song, Yang LiuNanyang Technological University, Singapore, Ting LiuXi'an Jiaotong University
DOI Media Attached
11:10 - 11:30
Talk
Technical Papers
George FourtounisUniversity of Athens, Leonidas TriantafyllouUniversity of Athens, Yannis SmaragdakisUniversity of Athens, Greece
DOI Media Attached
11:30 - 11:50
Talk
Technical Papers
Muhui Jiang, Yajin ZhouZhejiang University, Xiapu LuoThe Hong Kong Polytechnic University, Ruoyu Wang, Yang LiuNanyang Technological University, Singapore, Kui Ren
DOI