DOI: 10.1145/3460120.3484594 (ACM CCS conference proceedings, research article)

Facilitating Vulnerability Assessment through PoC Migration

Published: 13 November 2021

Abstract

Recent research shows that even vulnerability reports archived by MITRE/NIST often contain incomplete information about which versions of the software are vulnerable, leaving users of the under-reported vulnerable versions at risk. In this work, we address this problem with a fuzzing-based method. Technically, the approach first collects the crashing trace of the PoC on a reference version of the software. It then uses that trace to guide the mutation of the PoC input so that the target version follows an execution trace similar to the one observed on the reference version. We argue that, under the mutated input, the target version's execution has a higher chance of triggering the bug and thus demonstrating the vulnerability's existence. We implement this idea as an automated tool, named VulScope. Using 30 real-world CVEs across 470 versions of software, VulScope introduces no false positives and only 7.9% false negatives while migrating a PoC from one version to another. We also compare our method with two representative fuzzing tools, AFL and AFLGo, and find that VulScope outperforms both on the task of PoC migration. Finally, using VulScope, we identify 330 versions of software that MITRE/NIST fails to report as vulnerable.
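The abstract describes the core loop (record the crashing trace on the reference version, then mutate the PoC until the target version's trace aligns with it) but not how traces are aligned or how inputs are mutated. The following is an added illustration of that loop, not VulScope's code and not from the paper: two hand-written versions of a toy record parser stand in for a reference build and a target build (the target adds a magic byte and a per-field type tag but keeps the same unpatched bug), block labels appended to a list stand in for an instrumented trace, the fixed buffer size and the input format are constructed, and the alignment score is the Ratcliff/Obershelp ratio from Python's difflib (the measure appears as [44] in the reference list, though this page does not say whether VulScope uses it). The mutation strategy here is a deterministic hill-climb over single-byte replace/insert edits; the paper's own strategy is not described on this page.

```python
"""Toy trace-guided PoC migration.

Added illustration, not VulScope's code. Two hand-written versions of a
tiny record parser stand in for a reference build (where the PoC crashes)
and a target build (where the same PoC no longer reaches the bug). Both
carry the same simulated bug. The search mutates the PoC one byte at a
time and keeps the mutation whose execution trace on the target aligns
best with the reference trace, until the target crashes at the same site.
"""
from difflib import SequenceMatcher
from typing import Callable, Iterator, List, Optional, Tuple

BUF_SIZE = 16  # constructed: fixed-size field buffer shared by both versions


class SimulatedCrash(Exception):
    """Stands in for the sanitizer report or signal a real harness observes."""


def parse_v1(data: bytes, trace: List[str]) -> str:
    """Reference version. Constructed format: [count][len][payload]..."""
    trace.append("start")
    if len(data) < 2:
        trace.append("hdr_short")
        return "short"
    count, pos = data[0], 1
    trace.append("hdr_ok")
    for _ in range(count):
        if pos >= len(data):
            trace.append("truncated")
            return "truncated"
        length, pos = data[pos], pos + 1
        trace.append("field")
        if length > BUF_SIZE:  # the bug: field copied into BUF_SIZE bytes unchecked
            trace.append("overflow")
            raise SimulatedCrash("field length %d exceeds %d" % (length, BUF_SIZE))
        pos += length
    trace.append("done")
    return "ok"


def parse_v2(data: bytes, trace: List[str]) -> str:
    """Target version: new magic byte and per-field type tag, same bug.

    Constructed format: [0x7F][count] then [type][len][payload]... where
    type 0x01 is a fixed 4-byte integer and 0x02 a variable-length blob.
    """
    trace.append("start")
    if not data or data[0] != 0x7F:
        trace.append("magic_bad")
        return "bad_magic"
    trace.append("magic_ok")
    if len(data) < 3:
        trace.append("hdr_short")
        return "short"
    count, pos = data[1], 2
    trace.append("hdr_ok")
    for _ in range(count):
        if pos + 1 >= len(data):
            trace.append("truncated")
            return "truncated"
        ftype, length, pos = data[pos], data[pos + 1], pos + 2
        trace.append("field")
        if ftype == 0x01:
            trace.append("type_int")
            pos += 4
        elif ftype == 0x02:
            trace.append("type_blob")
            if length > BUF_SIZE:  # the same unpatched bug as in parse_v1
                trace.append("overflow")
                raise SimulatedCrash("field length %d exceeds %d" % (length, BUF_SIZE))
            pos += length
        else:
            trace.append("bad_type")
            return "bad_type"
    trace.append("done")
    return "ok"


Parser = Callable[[bytes, List[str]], str]


def run_traced(parser: Parser, data: bytes) -> Tuple[List[str], bool]:
    """Run one version on one input; return (block trace, crashed)."""
    trace: List[str] = []
    try:
        parser(data, trace)
    except SimulatedCrash:
        return trace, True
    return trace, False


def trace_similarity(ref: List[str], got: List[str]) -> float:
    """Ratcliff/Obershelp ratio over block labels, 0.0 (disjoint) to 1.0 (identical)."""
    return SequenceMatcher(None, ref, got, autojunk=False).ratio()


def neighbours(data: bytes) -> Iterator[bytes]:
    """Deterministic single-byte mutations: replace or insert at every offset."""
    for pos in range(len(data) + 1):
        for value in range(256):
            if pos < len(data):
                yield data[:pos] + bytes([value]) + data[pos + 1:]
            yield data[:pos] + bytes([value]) + data[pos:]


def migrate_poc(ref_parser: Parser, target_parser: Parser, poc: bytes,
                max_steps: int = 8) -> Optional[Tuple[bytes, List[str]]]:
    """Hill-climb on trace similarity until the target crashes at the reference site.

    Returns (migrated input, target trace) on success, or None when the search
    stalls (no neighbour improves alignment) or max_steps is exhausted. A crash
    whose last block differs from the reference crash site is a different bug
    and is not accepted as evidence for this one.
    """
    ref_trace, ref_crashed = run_traced(ref_parser, poc)
    if not ref_crashed:
        raise ValueError("PoC does not crash the reference version")
    current = poc
    best_score = trace_similarity(ref_trace, run_traced(target_parser, current)[0])
    for _ in range(max_steps):
        best_cand = None
        for cand in neighbours(current):
            trace, crashed = run_traced(target_parser, cand)
            if crashed and trace[-1] == ref_trace[-1]:
                return cand, trace
            score = trace_similarity(ref_trace, trace)
            if score > best_score:
                best_score, best_cand = score, cand
        if best_cand is None:
            return None
        current = best_cand
    return None


if __name__ == "__main__":
    # Constructed PoC for the reference version: one field of length 0x20 > BUF_SIZE.
    poc = bytes([0x01, 0x20]) + b"A" * 0x20
    print("reference trace:", run_traced(parse_v1, poc))
    print("target on original PoC:", run_traced(parse_v2, poc))
    print("migrated:", migrate_poc(parse_v1, parse_v2, poc))
```

On the constructed PoC the reference trace is start, hdr_ok, field, overflow; the unmodified PoC gets the target only as far as magic_bad, a score of one third. The first climb step cannot reach the bug with a single edit, but setting the first byte to the magic value raises the score to two thirds because the target now walks hdr_ok and field; the second step finds the type tag that routes the oversized length into the vulnerable copy and the target crashes at the same site as the reference. Two caveats carry over to real use. A stalled search (no neighbour improves the score, or the step budget runs out) says nothing about the target, which is where the method's false negatives come from. And the crash-site check matters: a crash anywhere is not evidence for the CVE under assessment. A real harness would replace the label lists with a basic-block tracer (Pin is listed as [5] above), replace SimulatedCrash with a sanitizer-instrumented build, and use a cheaper mutator than the exhaustive neighbourhood enumerated here.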

References

[1] 2021. American Fuzzy Lop. http://lcamtuf.coredump.cx/afl/.
[2] 2021. BinDiff. https://www.zynamics.com/bindiff.html.
[3] 2021. Common Vulnerabilities and Exposures. https://cve.mitre.org/.
[4] 2021. National Vulnerability Database. https://nvd.nist.gov/.
[5] 2021. PIN Tools. https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html.
[6] 2021. PolyTracker. https://github.com/trailofbits/polytracker.
[7] Michael Backes, Sven Bugiel, and Erik Derr. 2016. Reliable Third-party Library Detection in Android and its Security Applications. In Proceedings of the 23rd ACM SIGSAC Conference on Computer and Communications Security (CCS), Vienna, Austria. 356--367.
[8] Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, and Thorsten Holz. 2020. AURORA: Statistical Crash Analysis for Automated Root Cause Explanation. In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Virtual Event, USA. 235--252.
[9] Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury. 2017. Directed Greybox Fuzzing. In Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security (CCS), Dallas, TX, USA. 2329--2344.
[10] Martial Bourquin, Andy King, and Edward Robbins. 2013. Binslayer: Accurate Comparison of Binary Executables. In Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop (PPREW), Rome, Italy. 4:1--4:10.
[11] Sang Kil Cha, Maverick Woo, and David Brumley. 2015. Program-adaptive Mutational Fuzzing. In Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P), San Jose, CA, USA. 725--741.
[12] Oscar Chaparro, Jing Lu, Fiorella Zampetti, Laura Moreno, Massimiliano Di Penta, Andrian Marcus, Gabriele Bavota, and Vincent Ng. 2017. Detecting Missing Information in Bug Descriptions. In Proceedings of the 11th Joint Meeting on Foundations of Software Engineering (FSE), Paderborn, Germany. 396--407.
[13] Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu. 2018. Hawkeye: Towards a Desired Directed Grey-box Fuzzer. In Proceedings of the 25th ACM SIGSAC Conference on Computer and Communications Security (CCS), Toronto, ON, Canada. 2095--2108.
[14] Kai Chen, Peng Liu, and Yingjun Zhang. 2014. Achieving Accuracy and Scalability Simultaneously in Detecting Application Clones on Android Markets. In Proceedings of the 36th International Conference on Software Engineering (ICSE), Hyderabad, India. 175--186.
[15] Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. 2020. SAVIOR: Towards Bug-Driven Hybrid Testing. In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA. 1580--1596.
[16] Jiarun Dai, Yuan Zhang, Zheyue Jiang, Yingtian Zhou, Junyan Chen, Xinyu Xing, Xiaohan Zhang, Xin Tan, Min Yang, and Zhemin Yang. 2020. BScout: Direct Whole Patch Presence Test for Java Executables. In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Virtual Event, USA. 1147--1164.
[17] Yaniv David, Nimrod Partush, and Eran Yahav. 2016. Statistical Similarity of Binaries. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Santa Barbara, CA, USA. 266--280.
[18] Ying Dong, Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, and Gang Wang. 2019. Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. In Proceedings of the 28th USENIX Security Symposium (USENIX Security), Santa Clara, CA, USA. 869--885.
[19] Yue Duan, Xuezixiang Li, Jinghan Wang, and Heng Yin. 2020. DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing. In Proceedings of the 27th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.
[20] Sebastian Eschweiler, Khaled Yakdan, and Elmar Gerhards-Padilla. 2016. discovRE: Efficient Cross-architecture Identification of Bugs in Binary Code. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.
[21] Shuitao Gan, Chao Zhang, Peng Chen, Bodong Zhao, Xiaojun Qin, Dong Wu, and Zuoning Chen. 2020. GREYONE: Data Flow Sensitive Fuzzing. In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Virtual Event, USA. 2577--2594.
[22] Michael W. Godfrey and Lijie Zou. 2015. Using Origin Analysis to Detect Merging and Splitting of Source Code Entities. IEEE Trans. Software Eng. (TSE). 166--181.
[23] Kevin J. Hoffman, Patrick Eugster, and Suresh Jagannathan. 2009. Semantics-aware Trace Analysis. In Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Dublin, Ireland. 453--464.
[24] Jiyong Jang, Abeer Agrawal, and David Brumley. 2012. ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions. In Proceedings of the 23rd IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA. 48--62.
[25] Zheyue Jiang, Yuan Zhang, Jun Xu, Qi Wen, Zhenghe Wang, Xiaohan Zhang, Xinyu Xing, Min Yang, and Zhemin Yang. 2020. PDiff: Semantic-based Patch Presence Testing for Downstream Kernels. In Proceedings of the 27th ACM SIGSAC Conference on Computer and Communications Security (CCS), Virtual Event, USA. 1149--1163.
[26] Toshihiro Kamiya, Shinji Kusumoto, and Katsuro Inoue. 2002. CCFinder: A Multilinguistic Token-Based Code Clone Detection System for Large Scale Source Code. IEEE Trans. Software Eng. (TSE). 654--670.
[27] Ulf Kargén and Nahid Shahmehri. 2017. Towards Robust Instruction-level Trace Alignment of Binary Code. In Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), Urbana, IL, USA. 342--352.
[28] Seulbae Kim, Seunghoon Woo, Heejo Lee, and Hakjoo Oh. 2017. VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery. In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P), San Jose, CA, USA. 595--614.
[29] Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong. 2018. VulDeePecker: A Deep Learning-based System for Vulnerability Detection. In Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.
[30] Hongliang Liang, Lin Jiang, Lu Ai, and Jinyi Wei. 2020. Sequence Directed Hybrid Fuzzing. In Proceedings of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), London, ON, Canada. 127--137.
[31] Hongliang Liang, Yini Zhang, Yue Yu, Zhuosi Xie, and Lin Jiang. 2019. Sequence Coverage Directed Greybox Fuzzing. In Proceedings of the 27th International Conference on Program Comprehension (ICPC), Montreal, QC, Canada. 249--259.
[32] Bingchang Liu, Wei Huo, Chao Zhang, Wenchao Li, Feng Li, Aihua Piao, and Wei Zou. 2018. αdiff: Cross-version Binary Code Similarity Detection with DNN. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE), Montpellier, France. 667--678.
[33] Kangjie Lu and Hong Hu. 2019. Where Does It Go? Refining Indirect-call Targets with Multi-layer Type Analysis. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS), London, UK. 1867--1881.
[34] Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, and Gang Wang. 2018. Understanding the Reproducibility of Crowd-reported Security Vulnerabilities. In Proceedings of the 27th USENIX Security Symposium (USENIX Security), Baltimore, MD, USA. 919--936.
[35] Dongliang Mu, Wenbo Guo, Alejandro Cuevas, Yueqi Chen, Jinxuan Gai, Xinyu Xing, Bing Mao, and Chengyu Song. 2019. RENN: Efficient Reverse Execution with Neural-network-assisted Alias Analysis. In Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, CA, USA. 924--935.
[36] Emerson R. Murphy-Hill, Chris Parnin, and Andrew P. Black. 2012. How We Refactor, and How We Know It. IEEE Trans. Software Eng. (TSE). 5--18.
[37] Eugene W. Myers. 1986. An O(ND) Difference Algorithm and its Variations. Algorithmica. 251--266.
[38] Vijayanand Nagarajan, Rajiv Gupta, Matias Madou, Xiangyu Zhang, and Bjorn De Sutter. 2007. Matching Control Flow of Program Versions. In Proceedings of the 23rd IEEE International Conference on Software Maintenance (ICSM), Paris, France. 84--93.
[39] Manh-Dung Nguyen, Sébastien Bardin, Richard Bonichon, Roland Groz, and Matthieu Lemerre. 2020. Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities. In Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Virtual Event, USA. 47--62.
[40] Sebastian Österlund, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2020. ParmeSan: Sanitizer-guided Greybox Fuzzing. In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Virtual Event, USA. 2289--2306.
[41] Mateusz Pawlik and Nikolaus Augsten. 2016. Tree Edit Distance: Robust and Memory-efficient. Information Systems (Inf. Syst.). 157--173.
[42] Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, and Thorsten Holz. 2015. Cross-architecture Bug Search in Binary Executables. In Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P), San Jose, CA, USA. 709--724.
[43] Jannik Pewny, Felix Schuster, Lukas Bernhard, Thorsten Holz, and Christian Rossow. 2014. Leveraging Semantic Signatures for Bug Search in Binary Programs. In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), New Orleans, LA, USA. 406--415.
[44] John W. Ratcliff and David E. Metzener. 1998. Ratcliff-Obershelp Pattern Recognition. In Dictionary of Algorithms and Data Structures (DADS).
[45] Eric Sven Ristad and Peter N. Yianilos. 1998. Learning String-edit Distance. IEEE Trans. Pattern Anal. Mach. Intell. (TPAMI). 522--532.
[46] Hitesh Sajnani, Vaibhav Saini, Jeffrey Svajlenko, Chanchal K. Roy, and Cristina V. Lopes. 2016. SourcererCC: Scaling Code Clone Detection to Big-code. In Proceedings of the 38th International Conference on Software Engineering (ICSE), Austin, TX, USA. 1157--1168.
[47] Pang-Ning Tan et al. 2006. Introduction to Data Mining.
[48] Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. 2021. Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking. In Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS), Virtual Event, Republic of Korea.
[49] Nikolaos Tsantalis, Matin Mansouri, Laleh Eshkevari, Davood Mazinanian, and Danny Dig. 2018. Accurate and Efficient Refactoring Detection in Commit History. In Proceedings of the 40th International Conference on Software Engineering (ICSE), Gothenburg, Sweden. 483--494.
[50] Haijun Wang, Xiaofei Xie, Yi Li, Cheng Wen, Yuekang Li, Yang Liu, Shengchao Qin, Hongxu Chen, and Yulei Sui. 2020. Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities. In Proceedings of the 42nd International Conference on Software Engineering (ICSE), Seoul, South Korea. 999--1010.
[51] Cheng Wen, Haijun Wang, Yuekang Li, Shengchao Qin, Yang Liu, Zhiwu Xu, Hongxu Chen, Xiaofei Xie, Geguang Pu, and Ting Liu. 2020. MemLock: Memory Usage Guided Fuzzing. In Proceedings of the 42nd International Conference on Software Engineering (ICSE), Seoul, South Korea. 765--777.
[52] Yang Xiao, Bihuan Chen, Chendong Yu, Zhengzi Xu, Zimu Yuan, Feng Li, Binghong Liu, Yang Liu, Wei Huo, Wei Zou, and Wenchang Shi. 2020. MVP: Detecting Vulnerabilities using Patch-enhanced Vulnerability Signatures. In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Virtual Event, USA. 1165--1182.
[53] Jun Xu, Dongliang Mu, Ping Chen, Xinyu Xing, Pei Wang, and Peng Liu. 2016. Credal: Towards Locating A Memory Corruption Vulnerability with Your Core Dump. In Proceedings of the 23rd ACM SIGSAC Conference on Computer and Communications Security (CCS), Vienna, Austria. 529--540.
[54] Jun Xu, Dongliang Mu, Xinyu Xing, Peng Liu, Ping Chen, and Bing Mao. 2017. Postmortem Program Analysis with Hardware-enhanced Post-crash Artifacts. In Proceedings of the 26th USENIX Security Symposium (USENIX Security), Vancouver, BC, Canada. 17--32.
[55] Yifei Xu, Zhengzi Xu, Bihuan Chen, Fu Song, Yang Liu, and Ting Liu. 2020. Patch Based Vulnerability Matching for Binary Programs. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Virtual Event, USA. 376--387.
[56] Wei You, Xueqiang Wang, Shiqing Ma, Jianjun Huang, Xiangyu Zhang, XiaoFeng Wang, and Bin Liang. 2019. ProFuzzer: On-the-fly Input Type Probing for Better Zero-Day Vulnerability Discovery. In Proceedings of the 40th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA. 769--786.
[57] Hang Zhang and Zhiyun Qian. 2018. Precise and Accurate Patch Presence Test for Binaries. In Proceedings of the 27th USENIX Security Symposium (USENIX Security), Baltimore, MD, USA. 887--902.
[58] Xiangyu Zhang and Rajiv Gupta. 2005. Matching Execution Histories of Program Versions. In Proceedings of the 10th European Software Engineering Conference (ESEC), Lisbon, Portugal. 197--206.
[59] Yuan Zhang, Jiarun Dai, Xiaohan Zhang, Sirong Huang, Zhemin Yang, Min Yang, and Hao Chen. 2018. Detecting Third-party Libraries in Android Applications with High Precision and Recall. In Proceedings of the IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER), Campobasso, Italy. 141--152.
[60] Fei Zuo, Xiaopeng Li, Patrick Young, Lannan Luo, Qiang Zeng, and Zhexin Zhang. 2019. Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs. In Proceedings of the 26th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.



Published In

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
November 2021, 3558 pages
ISBN: 9781450384544
DOI: 10.1145/3460120
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


    Author Tags

    1. PoC adjustment
    2. trace alignment
    3. vulnerability assessment


Conference

CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security
November 15 - 19, 2021
Virtual Event, Republic of Korea

    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%


Cited By (selection shown on this page)

• (2024) How Well Industry-Level Cause Bisection Works in Real-World: A Study on Linux Kernel. Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering, 62-73. DOI 10.1145/3663529.3663828. Published 10 Jul 2024.
• (2024) Forward-porting and its limitations in fuzzer evaluation. Information Sciences: an International Journal, 662:C. DOI 10.1016/j.ins.2024.120142. Published 25 Jun 2024.
• (2023) V1SCAN. Proceedings of the 32nd USENIX Conference on Security Symposium, 6541-6556. DOI 10.5555/3620237.3620603. Published 9 Aug 2023.
• (2023) RLTG: Multi-targets directed greybox fuzzing. PLOS ONE 18(4): e0278138. DOI 10.1371/journal.pone.0278138. Published 12 Apr 2023.
• (2023) Enhancing OSS Patch Backporting with Semantics. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2366-2380. DOI 10.1145/3576915.3623188. Published 15 Nov 2023.
• (2023) AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities. 2023 IEEE Symposium on Security and Privacy (SP), 2122-2137. DOI 10.1109/SP46215.2023.10179305 (also indexed as 10.1109/SP46215.2023.10179286). Published May 2023.
• (2023) Critical Variable Guided Mutation for Directed Greybox Fuzzing. 2023 IEEE International Conference on Control, Electronics and Computer Technology (ICCECT), 1541-1547. DOI 10.1109/ICCECT57938.2023.10140435. Published 28 Apr 2023.
• (2022) Precise (Un)Affected Version Analysis for Web Vulnerabilities. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, 1-13. DOI 10.1145/3551349.3556933. Published 10 Oct 2022.
• (2022) Understanding the Practice of Security Patch Management across Multiple Branches in OSS Projects. Proceedings of the ACM Web Conference 2022, 767-777. DOI 10.1145/3485447.3512236. Published 25 Apr 2022.
