research-article

PatchScope: Memory Object Centric Patch Diffing

Authors:

Haotian Zhang, and

Heng YinAuthors Info & Claims

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

October 2020

Pages 149 - 165

https://doi.org/10.1145/3372297.3423342

Published: 02 November 2020 Publication History

Abstract

Software patching is one of the most significant mechanisms to combat vulnerabilities. To demystify underlying patch details, the techniques of patch differential analysis (a.k.a. patch diffing) are proposed to find differences between patched and unpatched programs' binary code. Considering the sophisticated security patches, patch diffing is expected to not only correctly locate patch changes but also provide sufficient explanation for understanding patch details and the fixed vulnerabilities. Unfortunately, none of the existing patch diffing techniques can meet these requirements. In this study, we first perform a large-scale study on code changes of security patches for better understanding their patterns. We then point out several challenges and design principles for patch diffing. To address the above challenges, we design a dynamic patch diffing technique PatchScope. Our technique is motivated by two key observations: 1) the way that a program processes its input reveals a wealth of semantic information, and 2) most memory corruption patches regulate the handling of malformed inputs via updating the manipulations of input-related data structures. The core of PatchScope is a new semantics-aware program representation, memory object access sequence, which characterizes how a program references data structures to manipulate inputs. The representation can not only deliver succinct patch differences but also offer rich patch context information such as input-patch correlations. Such information can interpret patch differences and further help security analysts understand patch details, locate vulnerability root causes, and even detect buggy patches.

Supplementary Material

MOV File (Copy of CCS2020_fpe100_YuncongZhu - Pat Weeden.mov)

Presentation video

Download
238.74 MB

References

[1]

Gautam Altekar, Ilya Bagrak, Paul Burstein, and Andrew Schultz. 2005. OPUS: Online Patches and Updates for Security. In Proceedings of the 14th USENIX Security Symposium.

[2]

Frederico Araujo, Kevin W. Hamlen, Sebastian Biedermann, and Stefan Katzenbeisser. 2014. From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS'14).

Digital Library

[3]

Ionut Arghire. 2019. Patches for Internet Explorer Zero-Day Causing Problems for Many Users. https://www.securityweek.com/patches-internet-explorer-zero-day-causing-problems-many-users.

[4]

Jeffrey Avery and Eugene H. Spafford. 2017. Ghost Patches: Fake Patches for Fake Vulnerabilities. In Proceedings of the 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC'17).

[5]

Ulrich Bayer, Paolo Milani Comparetti, Clemens Hlauschek, Christopher Kruegel, and Engin Kirda. 2009. Scalable, Behavior-Based Malware Clustering. In Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS'09).

[6]

Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, and Thorsten Holz. 2020. AURORA: Statistical Crash Analysis for Automated Root Cause Explanation. In Proceedings of 29th USENIX Security Symposium (USENIX Security'20).

[7]

Martial Bourquin, Andy King, and Edward Robbins. 2013. BinSlayer: Accurate Comparison of Binary Executables. In Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop (PPREW'13).

Digital Library

[8]

David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng. 2008. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications. In Proceedings of the 29th IEEE Symposium on Security and Privacy (S&P'08).

Digital Library

[9]

Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Song. 2007. Polyglot: Automatic Extraction of Protocol Message Format Using Dynamic Binary Analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS'07).

Digital Library

[10]

Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu. 2018. Hawkeye: towards a desired directed grey-box fuzzer. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2095--2108.

Digital Library

[11]

William D. Clinger. 1998. Proper Tail Recursion and Space Efficiency. In Proceedings of the ACM SIGPLAN 1998 Conference on Programming Language Design and Implementation (PLDI'98).

Digital Library

[12]

Paolo Milani Comparetti, Guido Salvaneschi, Engin Kirda, Clemens Kolbitsch, Christopher Kruegel, and Stefano Zanero. 2010. Identifying Dormant Functionality in Malware Programs. In Proceedings of the 31st IEEE Symposium on Security and Privacy (S&P'10).

Digital Library

[13]

Bart Coppens, Bjorn De Sutter, and Koen De Bosschere. 2013. Protecting Your Software Updates. IEEE Security & Privacy, Vol. 11, 2 (March 2013), 47--54.

Digital Library

[14]

Manuel Costa, Miguel Castro, Lidong Zhou, Lintao Zhang, and Marcus Peinado. 2007. Bouncer: Securing Software by Blocking Bad Input. In Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles (SOSP'07).

Digital Library

[15]

Yaniv David, Nimrod Partush, and Eran Yahav. 2016. Statistical Similarity of Binaries. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'16).

Digital Library

[16]

Yaniv David, Nimrod Partush, and Eran Yahav. 2018. FirmUp: Precise Static Detection of Common Vulnerabilities in Firmware. In Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'18).

Digital Library

[17]

Franck de Goër, Sanjay Rawat, Dennis Andriesse, Herbert Bos, and Roland Groz. 2018. Now You See Me: Real-time Dynamic Function Call Detection. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC'18).

Digital Library

[18]

Steven H. H. Ding, Benjamin C. M. Fung, and Philippe Charland. 2019. Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization. In Proceedings of the 40th IEEE Symposium on Security and Privacy (S&P'19).

[19]

Yue Duan, Xuezixiang Li, Jinghan Wang, and Heng Yin. 2020. DEEPBINDIFF: Learning Program-Wide Code Representations for Binary Diffing. In Proceedings of the 27th Annual Network and Distributed System Security Symposium (NDSS'20).

[20]

Manuel Egele, Maverick Woo, Peter Chapman, and David Brumley. 2014. Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security'14).

[21]

Sebastian Eschweiler, Khaled Yakdan, and Elmar Gerhards-Padilla. 2016. discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code. In Proceedings of the 23nd Annual Network and Distributed System Security Symposium (NDSS'16).

[22]

Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa, and Heng Yin. 2016. Scalable Graph-based Bug Search for Firmware Images. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS'16).

Digital Library

[23]

Matt Fredrikson, Somesh Jha, Mihai Christodorescu, Reiner Sailer, and Xifeng Yan. 2010. Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors. In Proceedings of the 31st IEEE Symposium on Security and Privacy (S&P'10).

Digital Library

[24]

Ulf Frisk. 2018. Total Meltdown? http://blog.frizk.net/2018/03/total-meltdown.html.

[25]

Debin Gao, Michael K. Reiter, and Dawn Song. 2008. BinHunt: Automatically Finding Semantic Differences in Binary Programs. In Poceedings of the 10th International Conference on Information and Communications Security (ICICS'08).

[26]

Jian Gao, Xin Yang, Ying Fu, Yu Jiang, Heyuan Shi, and Jiaguang Sun. 2018. VulSeeker-pro: Enhanced Semantic Learning Based Binary Vulnerability Seeker with Emulation. In Proceedings of the 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE'18).

Digital Library

[27]

Google LLC. 2011. BinDiff: Graph Comparison for Binary Files. https://www.zynamics.com/bindiff.html.

[28]

Andrew Henderson, Aravind Prakash, Lok Kwong Yan, Xunchao Hu, Xujiewen Wang, Rundong Zhou, and Heng Yin. 2014. Make It Work, Make It Right, Make It Fast: Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform. In Proceedings of the 2014 International Symposium on Software Testing and Analysis (ISSTA'14).

Digital Library

[29]

Xin Hu, Tzi-cker Chiueh, and Kang G. Shin. 2009. Large-scale Malware Indexing Using Function-call Graphs. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS'09).

[30]

Noah M. Johnson, Juan Caballero, Kevin Zhijie Chen, Stephen McCamant, Pongsin Poosankam, Daniel Reynaud, and Dawn Song. 2011. Differential Slicing: Identifying Causal Execution Differences for Security Applications. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (S&P'11).

Digital Library

[31]

Mateusz Jurczyk. 2017. Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs. Google Project Zero Team Blog.

[32]

Min Gyung Kang, Stephen McCamant, Pongsin Poosankam, and Dawn Song. 2011. DTA+: Dynamic Taint Analysis with Targeted Control-Flow Propagation. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11).

[33]

Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, and XiaoFeng Wang. 2009. Effective and Efficient Malware Detection at the End Host. In Proceedings of the 18th Conference on USENIX Security Symposium (USENIX Security'09).

[34]

Joxean Koret. 2015. Diaphora: A Free and Open Source Program Diffing Tool. http://diaphora.re/.

[35]

Shuvendu K Lahiri, Chris Hawblitzel, Ming Kawaguchi, and Henrique Rebêlo. 2012. Symdiff: A language-agnostic semantic diff tool for imperative programs. In International Conference on Computer Aided Verification. Springer, 712--717.

Digital Library

[36]

Frank Li and Vern Paxson. 2017. A Large-Scale Empirical Study of Security Patches. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS'17).

Digital Library

[37]

Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong. 2018. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. In Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS'18).

[38]

Bingchang Liu, Wei Huo, Chao Zhang, Wenchao Li, Feng Li, Aihua Piao, and Wei Zou. 2018. αDiff: Cross-version Binary Code Similarity Detection with DNN. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE'18).

Digital Library

[39]

Fan Long, Stelios Sidiroglou-Douskos, Deokhwan Kim, and Martin Rinard. 2014. Sound Input Filter Generation for Integer Overflow Errors. In Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'14).

Digital Library

[40]

Lannan Luo, Jiang Ming, Dinghao Wu, Peng Liu, and Sencun Zhu. 2014. Semantics-based Obfuscation-resilient Binary Code Similarity Comparison with Applications to Software Plagiarism Detection. In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE'14).

Digital Library

[41]

Aravind Machiry, Nilo Redini, Eric Camellini, Christopher Kruegel, and Giovanni Vigna. 2020. Spider: Enabling fast patch propagation in related software repositories. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE.

[42]

Niccolò Marastoni, Roberto Giacobazzi, and Mila Dalla Preda. 2018. A Deep Learning Approach to Program Similarity. In Proceedings of the 1st International Workshop on Machine Learning and Software Engineering in Symbiosis (MASES'18).

Digital Library

[43]

Luca Massarelli, Giuseppe Antonio Di Luna, Fabio Petroni, Roberto Baldoni, and Leonardo Querzoni. 2019. SAFE: Self-Attentive Function Embeddings for Binary Similarity. In Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'19).

[44]

Jiang Ming, Dongpeng Xu, Yufei Jiang, and Dinghao Wu. 2017. BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking. In Proceedings of the 26th USENIX Conference on Security Symposium (USENIX Security'17).

Digital Library

[45]

Manish Motwani, Sandhya Sankaranarayanan, René Just, and Yuriy Brun. 2018. Do automated program repair techniques repair hard and important bugs? Empirical Software Engineering, Vol. 23, 5 (2018), 2901--2947.

Digital Library

[46]

Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, and Gang Wang. 2018. Understanding the Reproducibility of Crowd-reported Security Vulnerabilities. In Proceedings of the 27th USENIX Conference on Security Symposium (USENIX Security'18).

Digital Library

[47]

Jeong Wook Oh. 2009. Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries. Black Hat USA.

[48]

Jeong Wook Oh. 2010. Exploit Spotting: Locating Vulnerabilities Out of Vendor Patches Automatically. Black Hat USA.

[49]

Jeong Wook Oh. 2011. DarunGrim: A Patch Analysis and Binary Diffing Tool. http://www.darungrim.org/.

[50]

Jiaqi Peng, Feng Li, Bingchang Liu, Lili Xu, Binghong Liu, Kai Chen, and Wei Huo. 2019. 1dVul: Discovering 1-day Vulnerabilities through Binary Patches. In Proceedings of the 49th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'19).

[51]

Suzette Person, Matthew B Dwyer, Sebastian Elbaum, and Corina S P'sreanu. 2008. Differential symbolic execution. In Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering. 226--237.

Digital Library

[52]

Suzette Person, Guowei Yang, Neha Rungta, and Sarfraz Khurshid. 2011. Directed incremental symbolic execution. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation. 504--515.

Digital Library

[53]

Dawei Qi, Abhik Roychoudhury, Zhenkai Liang, and Kapil Vaswani. 2009. DARWIN: An Approach for Debugging Evolving Programs. In Proceedings of the the 7th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on The Foundations of Software Engineering. ACM.

Digital Library

[54]

Ashwin Ramaswamy, Sergey Bratus, Sean W. Smith, and Michael E. Locasto. 2010. Katana: A Hot Patching Framework for ELF Executables. In Proceedings of the 2010 International Conference on Availability, Reliability and Security.

[55]

Stephen Sims. 2016. Bruh! Do you even diff?--Diffing Microsoft Patches to Find Vulnerabilities. RSA Conference.

[56]

Asia Slowinska and Herbert Bos. 2009. Pointless tainting? Evaluating the practicality of pointer tainting. In EuroSys. 61--74.

[57]

Asia Slowinska, Traian Stancescu, and Herbert Bos. 2011. Howard: A Dynamic Excavator for Reverse Engineering Data Structures. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11).

[58]

Temple F. Smith and M.S. Waterman. 1981. Identification of Common Molecular Subsequences. Journal of Molecular Biology, Vol. 147, 1 (1981).

[59]

Alexander Sotirov. 2006. Hotpatching and the Rise of Third-Party Patches. BlackHat USA.

[60]

Zhenzhou Tian, Qinghua Zheng, Ting Liu, Ming Fan, Eryue Zhuang, and Zijiang Yang. 2015. Software Plagiarism Detection with Birthmarks Based on Dynamic Key Instruction Sequences. IEEE Transactions on Software Engineering, Vol. 41, 12 (2015).

[61]

Windows Unicorn vulnerability exploited in the wild. [online]. Windows Unicorn vulnerability exploited in the wild. https://securityaffairs.co/wordpress/30402/security/unicorn-exploited-in-the-wild.html.

[62]

Harsimran Walia. 2011. Reversing Microsoft patches to reveal vulnerable code. Nullcon.

[63]

Shuai Wang and Dinghao Wu. 2017. In-memory Fuzzing for Binary Code Similarity Analysis. In Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE'17).

[64]

Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, and Peng Liu. 2009. Behavior Based Software Theft Detection. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS'09).

Digital Library

[65]

Xinda Wang, Kun Sun, Archer Batcheller, and Sushil Jajodia. 2019. Detecting" 0-Day" Vulnerability: An Empirical Study of Secret Security Patch in OSS. In 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 485--492.

[66]

Ye Wang, Na Meng, and Hao Zhong. 2018. An Empirical Study of Multi-Entity Changes in Real Bug Fixes. In Proceedings of the 34th IEEE International Conference on Software Maintenance and Evolution (ICSME'18).

[67]

Dasarath Weeratunge, Xiangyu Zhang, William N Sumner, and Suresh Jagannathan. 2010. Analyzing concurrency bugs using dual slicing. In Proceedings of the 19th international symposium on Software testing and analysis. ACM, 253--264.

Digital Library

[68]

Qiushi Wu, Yang He, Stephen McCamant, and Kangjie Lu. 2020. Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison. In Proceedings of the 27th Annual Network and Distributed System Security Symposium (NDSS'20).

[69]

Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, and Wenchang Shi. 2020. MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association.

[70]

Dongpeng Xu, Jiang Ming, and Dinghao Wu. 2017c. Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping. In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P'17).

[71]

Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, and Dawn Song. 2017b. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS'17).

Digital Library

[72]

Zhengzi Xu, Bihuan Chen, Mahinthan Chandramohan, Yang Liu, and Fu Song. 2017a. SPAIN: Security Patch Analysis for Binaries Towards Understanding the Pain and Pills. In Proceedings of the 39th International Conference on Software Engineering (ICSE'17).

Digital Library

[73]

Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, and Bin Liang. 2017. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploit. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS'17).

Digital Library

[74]

Hang Zhang and Zhiyun Qian. 2018. Precise and accurate patch presence test for binaries. In 27th USENIX Security Symposium (USENIX Security 18). 887--902.

[75]

Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, and Heng Yin. 2018. Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis. In Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS'18).

[76]

Fei Zuo, Xiaopeng Li, Zhexin Zhang, Patrick Young, Lannan Luo, and Qiang Zeng. 2019. Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs. In Proceedings of the 26th Network and Distributed System Security Symposium (NDSS'19).

Cited By

Yang SXu ZXiao YLang ZTang WLiu YShi ZLi HSun L(2023)Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic AnalysisACM Transactions on Software Engineering and Methodology10.1145/360460832:6(1-29)Online publication date: 30-Sep-2023
https://dl.acm.org/doi/10.1145/3604608
Yang SHe YChen KMa ZLuo XXie YChen JZhang CJust RFraser G(2023)1dFuzz: Reproduce 1-Day Vulnerabilities with Directed Differential FuzzingProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598102(867-879)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598102
Liu ZYuan YWang SBao Y(2022)SoK: Demystifying Binary Lifters Through the Lens of Downstream Applications2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833799(1100-1119)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833799
Show More Cited By

Index Terms

PatchScope: Memory Object Centric Patch Diffing
1. Security and privacy
  1. Software and application security
    1. Software reverse engineering

Recommendations

PPT4J: Patch Presence Test for Java Binaries
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

The number of vulnerabilities reported in open source software has increased substantially in recent years. Security patches provide the necessary measures to protect software from attacks and vulnerabilities. In practice, it is difficult to identify ...
Read More
Hallucinating face by position-patch

A novel face hallucination method is proposed in this paper for the reconstruction of a high-resolution face image from a low-resolution observation based on a set of high- and low-resolution training image pairs. Different from most of the established ...
Read More
An automatic method for assessing the versions affected by a vulnerability

Vulnerability data sources are used by academics to build models, and by industry and government to assess compliance. Errors in such data sources therefore not only are threats to validity in scientific studies, but also might cause organizations, ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

October 2020

2180 pages

ISBN:9781450370899

DOI:10.1145/3372297

General Chairs:
Jay Ligatti
University of South Florida, USA
,
Xinming Ou
University of South Florida, USA
,
Program Chairs:
Jonathan Katz
University of Maryland, USA
,
Giovanni Vigna
University of California-Santa Barbara, USA

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 November 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation
National Natural Science Foundation of China

Conference

CCS '20

Sponsor:

SIGSAC

CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security

November 9 - 13, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
861
Total Downloads

Downloads (Last 12 months)104
Downloads (Last 6 weeks)17

Other Metrics

View Author Metrics

Citations

Cited By

Yang SXu ZXiao YLang ZTang WLiu YShi ZLi HSun L(2023)Towards Practical Binary Code Similarity Detection: Vulnerability Verification via Patch Semantic AnalysisACM Transactions on Software Engineering and Methodology10.1145/360460832:6(1-29)Online publication date: 30-Sep-2023
https://dl.acm.org/doi/10.1145/3604608
Yang SHe YChen KMa ZLuo XXie YChen JZhang CJust RFraser G(2023)1dFuzz: Reproduce 1-Day Vulnerabilities with Directed Differential FuzzingProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598102(867-879)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598102
Liu ZYuan YWang SBao Y(2022)SoK: Demystifying Binary Lifters Through the Lens of Downstream Applications2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833799(1100-1119)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833799
Lang ZYang SCheng YZhang XShi ZSun L(2021)PMatch: Semantic-based Patch Detection for Binary Programs2021 IEEE International Performance, Computing, and Communications Conference (IPCCC)10.1109/IPCCC51483.2021.9679443(1-10)Online publication date: 29-Oct-2021
https://doi.org/10.1109/IPCCC51483.2021.9679443
Wang XWang SFeng PSun KJajodia S(2021)PatchDB: A Large-Scale Security Patch Dataset2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN48987.2021.00030(149-160)Online publication date: Jun-2021
https://doi.org/10.1109/DSN48987.2021.00030

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents