TY - GEN
T1 - QuickBCC
T2 - 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021
AU - Jang, Hajin
AU - Yang, Kyeongseok
AU - Lee, Geonwoo
AU - Na, Yoonjong
AU - Seideman, Jeremy D.
AU - Luo, Shoufu
AU - Lee, Heejo
AU - Dietrich, Sven
N1 - Funding Information:
Acknowledgement. We thank Seongbeom Park for his contribution on the signature generation. This work was supported by the Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security), the National Research Foundation (NRF), Korea, under project BK21 FOUR, and the Research Foundation City University of New York.
Publisher Copyright:
© 2021, IFIP International Federation for Information Processing.
PY - 2021
Y1 - 2021
N2 - Due to code reuse among software packages, vulnerabilities can propagate from one software package to another. Current code clone detection techniques are useful for preventing and managing such vulnerability propagation. When the source code for a software package is not available, such as when working with proprietary or custom software distributions, binary code clone detection can be used to examine software for flaws. However, existing binary code clone detectors have scalability issues, or are limited in their accurate detection of vulnerable code clones. In this paper, we introduce QuickBCC, a scalable binary code clone detection framework designed for vulnerability scanning. The framework was built on the idea of extracting semantics from vulnerable binaries both before and after security patches, and comparing them to target binaries. In order to improve performance, we created a signature based on the changes between the pre- and post-patched binaries, and implemented a filtering process when comparing the signatures to the target binaries. In addition, we leverage the smallest semantic unit, a strand, to improve accuracy and robustness against compile environments. QuickBCC is highly optimized, capable of preprocessing 5,439 target binaries within 111 min, and is able to match those binaries against 6 signatures in 23 s when running as a multi-threaded application. QuickBCC takes, on average, 3 ms to match one target binary. Comparing performance to other approaches, we found that it outperformed other approaches in terms of performance when detecting well-known vulnerabilities with an acceptable level of accuracy.
KW - Binary code clone
KW - Patch signature
KW - Security vulnerability
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=85111387350&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-78120-0_5
DO - 10.1007/978-3-030-78120-0_5
M3 - Conference contribution
AN - SCOPUS:85111387350
SN - 9783030781194
T3 - IFIP Advances in Information and Communication Technology
SP - 66
EP - 82
BT - ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings
A2 - Jøsang, Audun
A2 - Futcher, Lynn
A2 - Hagen, Janne
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 22 June 2021 through 24 June 2021
ER -