CORE
🇺🇦
make metadata, not war
Services
Services overview
Explore all CORE services
Access to raw data
API
Dataset
FastSync
Content discovery
Recommender
Discovery
OAI identifiers
OAI Resolver
Managing content
Dashboard
Bespoke contracts
Consultancy services
Support us
Support us
Membership
Sponsorship
Community governance
Advisory Board
Board of supporters
Research network
About
About us
Our mission
Team
Blog
FAQs
Contact us
Cross-compiler bipartite vulnerability search
Authors
Paul Black
Iqbal Gondal
Publication date
1 January 2021
Publisher
'MDPI AG'
Doi
Cite
Abstract
Open-source libraries are widely used in software development, and the functions from these libraries may contain security vulnerabilities that can provide gateways for attackers. This paper provides a function similarity technique to identify vulnerable functions in compiled programs and proposes a new technique called Cross-Compiler Bipartite Vulnerability Search (CCBVS). CCBVS uses a novel training process, and bipartite matching to filter SVM model false positives to improve the quality of similar function identification. This research uses debug symbols in programs compiled from open-source software products to generate the ground truth. This automatic extraction of ground truth allows experimentation with a wide range of programs. The results presented in the paper show that an SVM model trained on a wide variety of programs compiled for Windows and Linux, x86 and Intel 64 architectures can be used to predict function similarity and that the use of bipartite matching substantially improves the function similarity matching performance. © 2021 by the authors. Licensee MDPI, Basel, Switzerland
Similar works
Full text
Open in the Core reader
Download PDF
Available Versions
Directory of Open Access Journals
See this paper in CORE
Go to the repository landing page
Download from data provider
oai:doaj.org/article:4f1f60299...
Last time updated on 16/08/2021
Federation ResearchOnline
See this paper in CORE
Go to the repository landing page
Download from data provider
vital:15341
Last time updated on 02/12/2022
Multidisciplinary Digital Publishing Institute
See this paper in CORE
Go to the repository landing page
Download from data provider
oai:mdpi.com:/2079-9292/10/11/...
Last time updated on 21/10/2022