Please use this identifier to cite or link to this item:
https://scholarbank.nus.edu.sg/handle/10635/244808
| Title: | Localizing Patch Points From One Exploit. | Authors: | Shen, Shiqi Kolluri, Aashish Dong, Zhen Saxena, Prateek Roychoudhury, Abhik |
Keywords: | cs.CR cs.CR cs.SE |
Issue Date: | 2020 | Citation: | Shen, Shiqi, Kolluri, Aashish, Dong, Zhen, Saxena, Prateek, Roychoudhury, Abhik (2020). Localizing Patch Points From One Exploit.. CoRR abs/2008.04516. ScholarBank@NUS Repository. | Abstract: | Automatic patch generation can significantly reduce the window of exposure after a vulnerability is disclosed. Towards this goal, a long-standing problem has been that of patch localization: to find a program point at which a patch can be synthesized. We present PatchLoc, one of the first systems which automatically identifies such a location in a vulnerable binary, given just one exploit, with high accuracy. PatchLoc does not make any assumptions about the availability of source code, test suites, or specialized knowledge of the vulnerability. PatchLoc pinpoints valid patch locations in large real-world applications with high accuracy for about 88% of 43 CVEs we study. These results stem from a novel approach to automatically synthesizing a test-suite which enables probabilistically ranking and effectively differentiating between candidate program patch locations. | Source Title: | CoRR | URI: | https://scholarbank.nus.edu.sg/handle/10635/244808 | ISSN: | 2331-8422 |
| Appears in Collections: | Staff Publications Elements Students Publications |
Show full item record
Files in This Item:
| File | Description | Size | Format | Access Settings | Version | |
|---|---|---|---|---|---|---|
| 2008.04516v1.pdf | 767.28 kB | Adobe PDF | OPEN | Pre-print | View/Download |
Google ScholarTM
Check
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.