Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs

Jayakrishna Vadayath; Moritz Eckert; Kyle Zeng; Nicolaas Weideman; Gokulkrishna Praveen Menon; Yanick Fratantonio; Davide Balzarotti; Adam Doupé; Tiffany Bao; Ruoyu Wang; Christophe Hauser; Yan Shoshitaishvili

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs

Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, Yan Shoshitaishvili

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. In this paper, we identify a set of vulnerability properties that can aid both static and dynamic vulnerability detection techniques, improving the precision of the former and the scalability of the latter. By carefully integrating static and dynamic techniques, we detect vulnerabilities that exhibit these properties in real-world programs at a large scale. We implemented our technique, making several advancements in the analysis of binary code, and created a prototype called ARBITER. We demonstrate the effectiveness of our approach with a large-scale evaluation on four common vulnerability classes: CWE-131 (Incorrect Calculation of Buffer Size), CWE-252 (Unchecked Return Value), CWE-134 (Uncontrolled Format String), and CWE-337 (Predictable Seed in Pseudo-Random Number Generator). We evaluated our approach on more than 76,516 x86-64 binaries in the Ubuntu repositories and discovered new vulnerabilities, including a flaw inserted into programs during compilation.

Original language	English (US)
Title of host publication	Proceedings of the 31st USENIX Security Symposium, Security 2022
Publisher	USENIX Association
Pages	413-430
Number of pages	18
ISBN (Electronic)	9781939133311
State	Published - 2022
Event	31st USENIX Security Symposium, Security 2022 - Boston, United States Duration: Aug 10 2022 → Aug 12 2022

Publication series

Name	Proceedings of the 31st USENIX Security Symposium, Security 2022

Conference

Conference	31st USENIX Security Symposium, Security 2022
Country/Territory	United States
City	Boston
Period	8/10/22 → 8/12/22

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Cite this

Vadayath, J., Eckert, M., Zeng, K., Weideman, N., Menon, G. P., Fratantonio, Y., Balzarotti, D., Doupé, A., Bao, T., Wang, R., Hauser, C., & Shoshitaishvili, Y. (2022). Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs. In Proceedings of the 31st USENIX Security Symposium, Security 2022 (pp. 413-430). (Proceedings of the 31st USENIX Security Symposium, Security 2022). USENIX Association.

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs. / Vadayath, Jayakrishna; Eckert, Moritz; Zeng, Kyle et al.
Proceedings of the 31st USENIX Security Symposium, Security 2022. USENIX Association, 2022. p. 413-430 (Proceedings of the 31st USENIX Security Symposium, Security 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Vadayath, J, Eckert, M, Zeng, K, Weideman, N, Menon, GP, Fratantonio, Y, Balzarotti, D, Doupé, A , Bao, T , Wang, R, Hauser, C & Shoshitaishvili, Y 2022, Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs. in Proceedings of the 31st USENIX Security Symposium, Security 2022. Proceedings of the 31st USENIX Security Symposium, Security 2022, USENIX Association, pp. 413-430, 31st USENIX Security Symposium, Security 2022, Boston, United States, 8/10/22.

@inproceedings{a8f2b64f0bdc467186b45226a86810ff,

title = "Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs",

abstract = "In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. In this paper, we identify a set of vulnerability properties that can aid both static and dynamic vulnerability detection techniques, improving the precision of the former and the scalability of the latter. By carefully integrating static and dynamic techniques, we detect vulnerabilities that exhibit these properties in real-world programs at a large scale. We implemented our technique, making several advancements in the analysis of binary code, and created a prototype called ARBITER. We demonstrate the effectiveness of our approach with a large-scale evaluation on four common vulnerability classes: CWE-131 (Incorrect Calculation of Buffer Size), CWE-252 (Unchecked Return Value), CWE-134 (Uncontrolled Format String), and CWE-337 (Predictable Seed in Pseudo-Random Number Generator). We evaluated our approach on more than 76,516 x86-64 binaries in the Ubuntu repositories and discovered new vulnerabilities, including a flaw inserted into programs during compilation.",

author = "Jayakrishna Vadayath and Moritz Eckert and Kyle Zeng and Nicolaas Weideman and Menon, {Gokulkrishna Praveen} and Yanick Fratantonio and Davide Balzarotti and Adam Doup{\'e} and Tiffany Bao and Ruoyu Wang and Christophe Hauser and Yan Shoshitaishvili",

note = "Publisher Copyright: {\textcopyright} USENIX Security Symposium, Security 2022.All rights reserved.; 31st USENIX Security Symposium, Security 2022 ; Conference date: 10-08-2022 Through 12-08-2022",

year = "2022",

language = "English (US)",

series = "Proceedings of the 31st USENIX Security Symposium, Security 2022",

publisher = "USENIX Association",

pages = "413--430",

booktitle = "Proceedings of the 31st USENIX Security Symposium, Security 2022",

}

TY - GEN

T1 - Arbiter

T2 - 31st USENIX Security Symposium, Security 2022

AU - Vadayath, Jayakrishna

AU - Eckert, Moritz

AU - Zeng, Kyle

AU - Weideman, Nicolaas

AU - Menon, Gokulkrishna Praveen

AU - Fratantonio, Yanick

AU - Balzarotti, Davide

AU - Doupé, Adam

AU - Bao, Tiffany

AU - Wang, Ruoyu

AU - Hauser, Christophe

AU - Shoshitaishvili, Yan

PY - 2022

Y1 - 2022

N2 - In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. In this paper, we identify a set of vulnerability properties that can aid both static and dynamic vulnerability detection techniques, improving the precision of the former and the scalability of the latter. By carefully integrating static and dynamic techniques, we detect vulnerabilities that exhibit these properties in real-world programs at a large scale. We implemented our technique, making several advancements in the analysis of binary code, and created a prototype called ARBITER. We demonstrate the effectiveness of our approach with a large-scale evaluation on four common vulnerability classes: CWE-131 (Incorrect Calculation of Buffer Size), CWE-252 (Unchecked Return Value), CWE-134 (Uncontrolled Format String), and CWE-337 (Predictable Seed in Pseudo-Random Number Generator). We evaluated our approach on more than 76,516 x86-64 binaries in the Ubuntu repositories and discovered new vulnerabilities, including a flaw inserted into programs during compilation.

AB - In spite of their effectiveness in the context of vulnerability discovery, current state-of-the-art binary program analysis approaches are limited by inherent trade-offs between accuracy and scalability. In this paper, we identify a set of vulnerability properties that can aid both static and dynamic vulnerability detection techniques, improving the precision of the former and the scalability of the latter. By carefully integrating static and dynamic techniques, we detect vulnerabilities that exhibit these properties in real-world programs at a large scale. We implemented our technique, making several advancements in the analysis of binary code, and created a prototype called ARBITER. We demonstrate the effectiveness of our approach with a large-scale evaluation on four common vulnerability classes: CWE-131 (Incorrect Calculation of Buffer Size), CWE-252 (Unchecked Return Value), CWE-134 (Uncontrolled Format String), and CWE-337 (Predictable Seed in Pseudo-Random Number Generator). We evaluated our approach on more than 76,516 x86-64 binaries in the Ubuntu repositories and discovered new vulnerabilities, including a flaw inserted into programs during compilation.

UR - http://www.scopus.com/inward/record.url?scp=85140992474&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85140992474&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85140992474

T3 - Proceedings of the 31st USENIX Security Symposium, Security 2022

SP - 413

EP - 430

BT - Proceedings of the 31st USENIX Security Symposium, Security 2022

PB - USENIX Association

Y2 - 10 August 2022 through 12 August 2022

ER -

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs

Abstract

Publication series

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this