QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection

Hajin Jang; Kyeongseok Yang; Geonwoo Lee; Yoonjong Na; Jeremy D. Seideman; Shoufu Luo; Heejo Lee; Sven Dietrich

doi:10.1007/978-3-030-78120-0_5

QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection

Hajin Jang, Kyeongseok Yang, Geonwoo Lee, Yoonjong Na, Jeremy D. Seideman, Shoufu Luo, Heejo Lee, Sven Dietrich

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Due to code reuse among software packages, vulnerabilities can propagate from one software package to another. Current code clone detection techniques are useful for preventing and managing such vulnerability propagation. When the source code for a software package is not available, such as when working with proprietary or custom software distributions, binary code clone detection can be used to examine software for flaws. However, existing binary code clone detectors have scalability issues, or are limited in their accurate detection of vulnerable code clones. In this paper, we introduce QuickBCC, a scalable binary code clone detection framework designed for vulnerability scanning. The framework was built on the idea of extracting semantics from vulnerable binaries both before and after security patches, and comparing them to target binaries. In order to improve performance, we created a signature based on the changes between the pre- and post-patched binaries, and implemented a filtering process when comparing the signatures to the target binaries. In addition, we leverage the smallest semantic unit, a strand, to improve accuracy and robustness against compile environments. QuickBCC is highly optimized, capable of preprocessing 5,439 target binaries within 111 min, and is able to match those binaries against 6 signatures in 23 s when running as a multi-threaded application. QuickBCC takes, on average, 3 ms to match one target binary. Comparing performance to other approaches, we found that it outperformed other approaches in terms of performance when detecting well known vulnerabilities with acceptable level of accuracy.

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings
Editors	Audun Jøsang, Lynn Futcher, Janne Hagen
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	66-82
Number of pages	17
ISBN (Print)	9783030781194
DOIs	https://doi.org/10.1007/978-3-030-78120-0_5
Publication status	Published - 2021
Event	36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021 - Virtual, Online Duration: 2021 Jun 22 → 2021 Jun 24

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	625
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021
City	Virtual, Online
Period	21/6/22 → 21/6/24

Keywords

Binary code clone
Patch signature
Security vulnerability
Static analysis

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications
Information Systems and Management

Access to Document

10.1007/978-3-030-78120-0_5

Cite this

Jang, H., Yang, K., Lee, G., Na, Y., Seideman, J. D., Luo, S., Lee, H., & Dietrich, S. (2021). QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection. In A. Jøsang, L. Futcher, & J. Hagen (Eds.), ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings (pp. 66-82). (IFIP Advances in Information and Communication Technology; Vol. 625). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-78120-0_5

QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection. / Jang, Hajin; Yang, Kyeongseok; Lee, Geonwoo et al.
ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings. ed. / Audun Jøsang; Lynn Futcher; Janne Hagen. Springer Science and Business Media Deutschland GmbH, 2021. p. 66-82 (IFIP Advances in Information and Communication Technology; Vol. 625).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jang, H, Yang, K, Lee, G, Na, Y, Seideman, JD, Luo, S, Lee, H & Dietrich, S 2021, QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection. in A Jøsang, L Futcher & J Hagen (eds), ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings. IFIP Advances in Information and Communication Technology, vol. 625, Springer Science and Business Media Deutschland GmbH, pp. 66-82, 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021, Virtual, Online, 21/6/22. https://doi.org/10.1007/978-3-030-78120-0_5

Jang H, Yang K, Lee G, Na Y, Seideman JD, Luo S et al. QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection. In Jøsang A, Futcher L, Hagen J, editors, ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 66-82. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-030-78120-0_5

Jang, Hajin ; Yang, Kyeongseok ; Lee, Geonwoo et al. / QuickBCC : Quick and Scalable Binary Vulnerable Code Clone Detection. ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings. editor / Audun Jøsang ; Lynn Futcher ; Janne Hagen. Springer Science and Business Media Deutschland GmbH, 2021. pp. 66-82 (IFIP Advances in Information and Communication Technology).

@inproceedings{11f9729b900a48079c8910a7ebc5ef8a,

title = "QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection",

abstract = "Due to code reuse among software packages, vulnerabilities can propagate from one software package to another. Current code clone detection techniques are useful for preventing and managing such vulnerability propagation. When the source code for a software package is not available, such as when working with proprietary or custom software distributions, binary code clone detection can be used to examine software for flaws. However, existing binary code clone detectors have scalability issues, or are limited in their accurate detection of vulnerable code clones. In this paper, we introduce QuickBCC, a scalable binary code clone detection framework designed for vulnerability scanning. The framework was built on the idea of extracting semantics from vulnerable binaries both before and after security patches, and comparing them to target binaries. In order to improve performance, we created a signature based on the changes between the pre- and post-patched binaries, and implemented a filtering process when comparing the signatures to the target binaries. In addition, we leverage the smallest semantic unit, a strand, to improve accuracy and robustness against compile environments. QuickBCC is highly optimized, capable of preprocessing 5,439 target binaries within 111 min, and is able to match those binaries against 6 signatures in 23 s when running as a multi-threaded application. QuickBCC takes, on average, 3 ms to match one target binary. Comparing performance to other approaches, we found that it outperformed other approaches in terms of performance when detecting well known vulnerabilities with acceptable level of accuracy.",

keywords = "Binary code clone, Patch signature, Security vulnerability, Static analysis",

author = "Hajin Jang and Kyeongseok Yang and Geonwoo Lee and Yoonjong Na and Seideman, {Jeremy D.} and Shoufu Luo and Heejo Lee and Sven Dietrich",

note = "Funding Information: Acknowledgement. We thank Seongbeom Park for his contribution on the signature generation. This work was supported by the Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security), the National Research Foundation (NRF), Korea, under project BK21 FOUR, and the Research Foundation City University of New York. Publisher Copyright: {\textcopyright} 2021, IFIP International Federation for Information Processing.; 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021 ; Conference date: 22-06-2021 Through 24-06-2021",

year = "2021",

doi = "10.1007/978-3-030-78120-0_5",

language = "English",

isbn = "9783030781194",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "66--82",

editor = "Audun J{\o}sang and Lynn Futcher and Janne Hagen",

booktitle = "ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings",

address = "Germany",

}

TY - GEN

T1 - QuickBCC

T2 - 36th IFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2021

AU - Jang, Hajin

AU - Yang, Kyeongseok

AU - Lee, Geonwoo

AU - Na, Yoonjong

AU - Seideman, Jeremy D.

AU - Luo, Shoufu

AU - Lee, Heejo

AU - Dietrich, Sven

N1 - Funding Information: Acknowledgement. We thank Seongbeom Park for his contribution on the signature generation. This work was supported by the Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01697, Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security), the National Research Foundation (NRF), Korea, under project BK21 FOUR, and the Research Foundation City University of New York. Publisher Copyright: © 2021, IFIP International Federation for Information Processing.

PY - 2021

Y1 - 2021

N2 - Due to code reuse among software packages, vulnerabilities can propagate from one software package to another. Current code clone detection techniques are useful for preventing and managing such vulnerability propagation. When the source code for a software package is not available, such as when working with proprietary or custom software distributions, binary code clone detection can be used to examine software for flaws. However, existing binary code clone detectors have scalability issues, or are limited in their accurate detection of vulnerable code clones. In this paper, we introduce QuickBCC, a scalable binary code clone detection framework designed for vulnerability scanning. The framework was built on the idea of extracting semantics from vulnerable binaries both before and after security patches, and comparing them to target binaries. In order to improve performance, we created a signature based on the changes between the pre- and post-patched binaries, and implemented a filtering process when comparing the signatures to the target binaries. In addition, we leverage the smallest semantic unit, a strand, to improve accuracy and robustness against compile environments. QuickBCC is highly optimized, capable of preprocessing 5,439 target binaries within 111 min, and is able to match those binaries against 6 signatures in 23 s when running as a multi-threaded application. QuickBCC takes, on average, 3 ms to match one target binary. Comparing performance to other approaches, we found that it outperformed other approaches in terms of performance when detecting well known vulnerabilities with acceptable level of accuracy.

AB - Due to code reuse among software packages, vulnerabilities can propagate from one software package to another. Current code clone detection techniques are useful for preventing and managing such vulnerability propagation. When the source code for a software package is not available, such as when working with proprietary or custom software distributions, binary code clone detection can be used to examine software for flaws. However, existing binary code clone detectors have scalability issues, or are limited in their accurate detection of vulnerable code clones. In this paper, we introduce QuickBCC, a scalable binary code clone detection framework designed for vulnerability scanning. The framework was built on the idea of extracting semantics from vulnerable binaries both before and after security patches, and comparing them to target binaries. In order to improve performance, we created a signature based on the changes between the pre- and post-patched binaries, and implemented a filtering process when comparing the signatures to the target binaries. In addition, we leverage the smallest semantic unit, a strand, to improve accuracy and robustness against compile environments. QuickBCC is highly optimized, capable of preprocessing 5,439 target binaries within 111 min, and is able to match those binaries against 6 signatures in 23 s when running as a multi-threaded application. QuickBCC takes, on average, 3 ms to match one target binary. Comparing performance to other approaches, we found that it outperformed other approaches in terms of performance when detecting well known vulnerabilities with acceptable level of accuracy.

KW - Binary code clone

KW - Patch signature

KW - Security vulnerability

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=85111387350&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-78120-0_5

DO - 10.1007/978-3-030-78120-0_5

M3 - Conference contribution

AN - SCOPUS:85111387350

SN - 9783030781194

T3 - IFIP Advances in Information and Communication Technology

SP - 66

EP - 82

BT - ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Proceedings

A2 - Jøsang, Audun

A2 - Futcher, Lynn

A2 - Hagen, Janne

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 22 June 2021 through 24 June 2021

ER -

QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this