GraphSPD: Graph-based security patch detection with enriched code semantics

S Wang, X Wang, K Sun, S Jajodia… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
With the increasing popularity of open-source software, embedded vulnerabilities have been
widely propagating to downstream software. Due to different maintenance policies, software …

PatchDB: A large-scale security patch dataset

X Wang, S Wang, P Feng, K Sun… - 2021 51st Annual IEEE …, 2021 - ieeexplore.ieee.org
Security patches, embedding both vulnerable code and the corresponding fixes, are of great
significance to vulnerability detection and software maintenance. However, the existing …

Learning approximate execution semantics from traces for binary function similarity

K Pei, Z Xuan, J Yang, S Jana… - IEEE Transactions on …, 2022 - ieeexplore.ieee.org
Detecting semantically similar binary functions–a crucial capability with broad security
usages including vulnerability detection, malware analysis, and forensics–requires …

Revisiting binary code similarity analysis using interpretable feature engineering and lessons learned

D Kim, E Kim, SK Cha, S Son… - IEEE Transactions on …, 2022 - ieeexplore.ieee.org
Binary code similarity analysis (BCSA) is widely used for diverse security applications,
including plagiarism detection, software license violation detection, and vulnerability …

Unleashing the hidden power of compiler optimization on binary code difference: An empirical study

X Ren, M Ho, J Ming, Y Lei, L Li - Proceedings of the 42nd ACM …, 2021 - dl.acm.org
Hunting binary code difference without source code (i.e., binary diffing) has compelling
applications in software security. Due to the high variability of binary code, existing solutions …

SoK: Demystifying binary lifters through the lens of downstream applications

Z Liu, Y Yuan, S Wang, Y Bao - 2022 IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Binary lifters convert executables into an intermediate representation (IR) of a compiler
framework. The recovered IR code is generally deemed “analysis friendly,” bridging low …

Khaos: The impact of inter-procedural code obfuscation on binary diffing techniques

P Zhang, C Wu, M Peng, K Zeng, D Yu, Y Lai… - Proceedings of the 21st …, 2023 - dl.acm.org
Software obfuscation techniques can prevent binary diffing techniques from locating
vulnerable code by obfuscating the third-party code, to achieve the purpose of protecting …

Save the Bruised Striver: A Reliable Live Patching Framework for Protecting Real-World PLCs

M Zhou, H Wang, K Li, H Zhu, L Sun - Proceedings of the Nineteenth …, 2024 - dl.acm.org
Industrial Control Systems (ICS), particularly programmable logic controllers (PLCs)
responsible for managing underlying physical infrastructures, often operate for extended …

Callee: Recovering call graphs for binaries with transfer and contrastive learning

W Zhu, Z Feng, Z Zhang, J Chen, Z Ou… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Recovering binary programs' call graphs is crucial for inter-procedural analysis tasks and
applications based on them. One of the core challenges is recognizing targets of indirect …

1dFuzz: Reproduce 1-Day Vulnerabilities with Directed Differential Fuzzing

S Yang, Y He, K Chen, Z Ma, X Luo, Y Xie… - Proceedings of the …, 2023 - dl.acm.org
1-day vulnerabilities are common in practice and have posed severe threats to end users, as
adversaries could learn from released patches to find them and exploit them. Reproducing 1 …