Automatically assessing vulnerabilities discovered by compositional analysis

Ognawala, Saahil; Amato, Ricardo Nales; Pretschner, Alexander; Kulkarni, Pooja

doi:10.1145/3243127.3243130

Cited by 12 publications

(8 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We apply FUNDED to five open-source projects that were also evaluated in prior studies [5,18,52,53]. Table V lists the software versions and the number of function-level vulnerabilities.…”

Section: B Evaluation On Large Code Basesmentioning

confidence: 99%

Combining Graph-Based Learning With Automated Data Collection for Code Vulnerability Detection

Wang

Tang

et al. 2021

IEEE Trans.Inform.Forensic Secur.

189

View full text Add to dashboard Cite

“…We apply FUNDED to five open-source projects that were also evaluated in prior studies [5,18,52,53]. Table V lists the software versions and the number of function-level vulnerabilities.…”

Section: B Evaluation On Large Code Basesmentioning

confidence: 99%

Combining Graph-Based Learning With Automated Data Collection for Code Vulnerability Detection

Wang

Tang

et al. 2021

IEEE Trans.Inform.Forensic Secur.

189

View full text Add to dashboard Cite

“…Recently, several studies have started to predict CVSS version 3 exploitability metrics including the new Privileges and User Interactions. Ognawala et al [139] fed the features generated by a static analysis tool, Macke [140], to a Random forest model to predict these CVSS version 3 metrics for vulnerable software/components. Later, Chen et al [30] found that many SVs were disclosed on Twitter before on NVD.…”

Section: Exploit Characteristicsmentioning

confidence: 99%

“…Given the overlap, we hereby only describe the main directions and techniques of the Impact-related tasks rather than iterating the details of each study. Overall, a majority of the work has focused on classifying CVSS impact metrics (versions 2 and 3) using three main learning paradigms: single-task [30,50,86,108,139,193,200], multitarget [62,171] and multi-task [65] learning. Instead of developing a separate prediction model for each metric like the single-task approach, multi-target and multi-task approaches only need a single model for all tasks.…”

Section: Confidentiality Integrity Availability and Scopementioning

confidence: 99%

“…These three learning paradigms were powered by applying and/or customizing a wide range of data-driven methods. The first method was to use single ML classifiers like supervised Latent Dirichlet Allocation [200], Principal component analysis [180], Naïve Bayes [62,108,139], Logistic regression [86], Kernel-based SVM [193], Linear SVM [108], KNN [108] and Decision tree [171]. Other studies employed ensemble models combining the strength of multiple single models such as Random forest [108,139], boosting model [171] and XGBoost/LGBM [108].…”

Section: Confidentiality Integrity Availability and Scopementioning

confidence: 99%

See 1 more Smart Citation

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Le¹,

Chen²,

Babar³

2021

Preprint

View full text Add to dashboard Cite

Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surge in SV data sources and datadriven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Software security engineering; • Computing methodologies → Machine learning; Neural networks;

show abstract

“…2. There may be many other factors [18], such as the degree of connectedness of a function [33] and the distance to an interface such as main function [35], that affect if a vulnerability may be exploited, even if an exploit from main could not be generated. 3.…”

Section: Rq2-vulnerabilitiesmentioning

confidence: 99%

Compositional Fuzzing Aided by Targeted Symbolic Execution

Ognawala,

Kilger,

Pretschner

2019

Preprint

Self Cite

View full text Add to dashboard Cite

Guided fuzzing has, in recent years, been able to uncover many new vulnerabilities in real-world software due to its fast input mutation strategies guided by path-coverage. However, most fuzzers are unable to achieve high coverage in deeper parts of programs. Moreover, fuzzers heavily rely on the diversity of the seed inputs, often manually provided, to be able to produce meaningful results.In this paper, we present Wildfire, a novel open-source compositional fuzzing framework. Wildfire finds vulnerabilities by fuzzing isolated functions in a Cprogram and, then, using targeted symbolic execution it determines the feasibility of exploitation for these vulnerabilities. Based on our evaluation of 23 open-source programs (nearly 1 million LOC), we show that Wildfire, as a result of the increased coverage, finds more true-positives than baseline symbolic execution and fuzzing tools, as well as state-of-the-art coverage-guided tools, in only 10% of the analysis time taken by them. Additionally, Wildfire finds many other potential vulnerabilities whose feasibility can be determined compositionally to confirm if they are false-positives. Wildfire could also reproduce almost all (15 out of 16) of the known vulnerabilities and found several previously-unknown vulnerabilities in three open-source libraries.

show abstract

Automatically assessing vulnerabilities discovered by compositional analysis

Cited by 12 publications

References 33 publications

Combining Graph-Based Learning With Automated Data Collection for Code Vulnerability Detection

Combining Graph-Based Learning With Automated Data Collection for Code Vulnerability Detection

A Survey on Data-driven Software Vulnerability Assessment and Prioritization

Compositional Fuzzing Aided by Targeted Symbolic Execution

Contact Info

Product

Resources

About