
A Study On Inferring Taint-style Vulnerabilities Patterns Based On Patch Analysis

Posted on: 2020-07-22
Degree: Master
Type: Thesis
Country: China
Candidate: T Y Song
Full Text: PDF
GTID: 2518306131961889
Subject: Computational science and technology
Abstract/Summary:
Vulnerability detection is a long-standing topic in software development. Pattern-based methods are a practical way to detect taint-style vulnerabilities. Most such methods extract vulnerability patterns from the code base; however, they sometimes miss patterns, leaving some vulnerabilities undiscovered. Security patches contain valuable information about vulnerabilities. To compensate for the inherent incompleteness of pattern matching, this thesis proposes an approach that infers patterns from the security information carried by security patches. A taint-style vulnerability is described as a 3-tuple $(S_{src}, S_{san}, S_{sink})$, consisting of sources $S_{src}$, sanitizations $S_{san}$ and sinks $S_{sink}$. For each pair of vulnerable and patched programs, we first extract the sanitizations from the changes between the vulnerable code and the corresponding patch, infer the sinks with impact analysis, and determine the sources through backward traversal of the control flow graph. We then compute the strict prefix of the path that starts from the taint source node and reaches the sink node through the sanitization node, in order to filter the unchanged 3-tuples. Finally, complete-linkage clustering is applied to the extracted triples to summarize the patterns. We evaluate our method on open source projects. The results show that the method is effective: 1) it infers vulnerability patterns for taint-style vulnerabilities; 2) compared with the method that infers patterns from the code base, new patterns are discovered; 3) the inferred patterns are successfully applied to search for similar vulnerabilities. The approach proposed in this thesis, which leverages the security information extracted from security patches to guide vulnerability discovery, builds a bridge from patch understanding to vulnerability discovery. The pattern library is updated with the release of patches, which supplements the existing vulnerability patterns.
Keywords/Search Tags: Pattern Inference, Patch Analysis, Vulnerability Detection