2,830 research outputs found
IntRepair: Informed Repairing of Integer Overflows
Integer overflows have threatened software applications for decades. Thus, in
this paper, we propose a novel technique to provide automatic repairs of
integer overflows in C source code. Our technique, based on static symbolic
execution, fuses detection, repair generation and validation. This technique is
implemented in a prototype named IntRepair. We applied IntRepair to 2,052C
programs (approx. 1 million lines of code) contained in SAMATE's Juliet test
suite and 50 synthesized programs that range up to 20KLOC. Our experimental
results show that IntRepair is able to effectively detect integer overflows and
successfully repair them, while only increasing the source code (LOC) and
binary (Kb) size by around 1%, respectively. Further, we present the results of
a user study with 30 participants which shows that IntRepair repairs are more
than 10x efficient as compared to manually generated code repairsComment: Accepted for publication at the IEEE TSE journal. arXiv admin note:
text overlap with arXiv:1710.0372
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response
Considerable delays often exist between the discovery of a vulnerability and
the issue of a patch. One way to mitigate this window of vulnerability is to
use a configuration workaround, which prevents the vulnerable code from being
executed at the cost of some lost functionality -- but only if one is
available. Since program configurations are not specifically designed to
mitigate software vulnerabilities, we find that they only cover 25.2% of
vulnerabilities.
To minimize patch delay vulnerabilities and address the limitations of
configuration workarounds, we propose Security Workarounds for Rapid Response
(SWRRs), which are designed to neutralize security vulnerabilities in a timely,
secure, and unobtrusive manner. Similar to configuration workarounds, SWRRs
neutralize vulnerabilities by preventing vulnerable code from being executed at
the cost of some lost functionality. However, the key difference is that SWRRs
use existing error-handling code within programs, which enables them to be
mechanically inserted with minimal knowledge of the program and minimal
developer effort. This allows SWRRs to achieve high coverage while still being
fast and easy to deploy.
We have designed and implemented Talos, a system that mechanically
instruments SWRRs into a given program, and evaluate it on five popular Linux
server programs. We run exploits against 11 real-world software vulnerabilities
and show that SWRRs neutralize the vulnerabilities in all cases. Quantitative
measurements on 320 SWRRs indicate that SWRRs instrumented by Talos can
neutralize 75.1% of all potential vulnerabilities and incur a loss of
functionality similar to configuration workarounds in 71.3% of those cases. Our
overall conclusion is that automatically generated SWRRs can safely mitigate
2.1x more vulnerabilities, while only incurring a loss of functionality
comparable to that of traditional configuration workarounds.Comment: Published in Proceedings of the 37th IEEE Symposium on Security and
Privacy (Oakland 2016
What are the Actual Flaws in Important Smart Contracts (and How Can We Find Them)?
An important problem in smart contract security is understanding the
likelihood and criticality of discovered, or potential, weaknesses in
contracts. In this paper we provide a summary of Ethereum smart contract audits
performed for 23 professional stakeholders, avoiding the common problem of
reporting issues mostly prevalent in low-quality contracts. These audits were
performed at a leading company in blockchain security, using both open-source
and proprietary tools, as well as human code analysis performed by professional
security engineers. We categorize 246 individual defects, making it possible to
compare the severity and frequency of different vulnerability types, compare
smart contract and non-smart contract flaws, and to estimate the efficacy of
automated vulnerability detection approaches
EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts
Recent attacks exploiting errors in smart contract code had devastating
consequences thereby questioning the benefits of this technology. It is
currently highly challenging to fix errors and deploy a patched contract in
time. Instant patching is especially important since smart contracts are always
online due to the distributed nature of blockchain systems. They also manage
considerable amounts of assets, which are at risk and often beyond recovery
after an attack. Existing solutions to upgrade smart contracts depend on manual
and error-prone processes. This paper presents a framework, called EVMPatch, to
instantly and automatically patch faulty smart contracts. EVMPatch features a
bytecode rewriting engine for the popular Ethereum blockchain, and
transparently/automatically rewrites common off-the-shelf contracts to
upgradable contracts. The proof-of-concept implementation of EVMPatch
automatically hardens smart contracts that are vulnerable to integer
over/underflows and access control errors, but can be easily extended to cover
more bug classes. Our extensive evaluation on 14,000 real-world (vulnerable)
contracts demonstrate that our approach successfully blocks attack transactions
launched on these contracts, while keeping the intended functionality of the
contract intact. We perform a study with experienced software developers,
showing that EVMPatch is practical, and reduces the time for converting a given
Solidity smart contract to an upgradable contract by 97.6 %, while ensuring
functional equivalence to the original contract.Comment: A slightly shorter version of this paper will be published at USENIX
Security Symposium 202
REASSURE: A Self-contained Mechanism for Healing Software Using Rescue Points
Software errors are frequently responsible for the limited availability of Internet Services, loss of data, and many security compromises. Self-healing using rescue points (RPs) is a mechanism that can be used to recover software from unforeseen errors until a more permanent remedy, like a patch or update, is available. We present REASSURE, a self-contained mechanism for recovering from such errors using RPs. Essentially, RPs are existing code locations that handle certain anticipated errors in the target application, usually by returning an error code. REASSURE enables the use of these locations to also handle unexpected faults. This is achieved by rolling back execution to a RP when a fault occurs, returning a valid error code, and enabling the application to gracefully handle the unexpected error itself. REASSURE can be applied on already running applications, while disabling and removing it is equally facile. We tested REASSURE with various applications, including the MySQL and Apache servers, and show that it allows them to successfully recover from errors, while incurring moderate overhead between 1% and 115%. We also show that even under very adverse conditions, like their continuous bombardment with errors, REASSURE protected applications remain operational
Mining Android Crash Fixes in the Absence of Issue- and Change-Tracking Systems
Android apps are prone to crash. This often arises from the misuse of Android framework APIs, making it harder to debug since official Android documentation does not discuss thoroughly potential exceptions.Recently, the program repair community has also started to investigate the possibility to fix crashes automatically. Current results, however, apply to limited example cases. In both scenarios of repair, the main issue is the need for more example data to drive the fix processes due to the high cost in time and effort needed to collect and identify fix examples. We propose in this work a scalable approach, CraftDroid, to mine crash fixes by leveraging a set of 28 thousand carefully reconstructed app lineages from app markets, without the need for the app source code or issue reports. We developed a replicative testing approach that locates fixes among app versions which output different runtime logs with the exact same test inputs. Overall, we have mined 104 relevant crash fixes, further abstracted 17 fine-grained fix templates that are demonstrated to be effective for patching crashed apks. Finally, we release ReCBench, a benchmark consisting of 200 crashed apks and the crash replication scripts, which the community can explore for evaluating generated crash-inducing bug patches
- …