Back to Search Start Over

Research on PoC Refactoring of Third-party Library in Heterogeneous Environment

Authors :
SONG Wenkai, YOU Wei, LIANG Bin, HUANG Jianjun, SHI Wenchang
Source :
Jisuanji kexue, Vol 50, Iss 4, Pp 277-287 (2023)
Publication Year :
2023
Publisher :
Editorial office of Computer Science, 2023.

Abstract

Vulnerabilities in third-party libraries are widely propagated to host applications(software that using third-party libra-ries),and developers of host applications usually fail to fix these vulnerabilities in a timely manner,which easily leads to security problems.In order to explore the impact of third-party library vulnerabilities on the host applications,it is particularly important to effectively verify whether the vulnerabilities propagated to the host application can still be triggered.The latest research applies taint analysis and symbolic execution to transform the PoC of third-party libraries to make it suitable for host applications.However,there are often differences between the test environment of the third-party library and the real environment of the host application (they are heterogeneous environments),so that the PoC transformed by the above method is still difficult to apply to the host application.To solve the above problems,a method for PoC refactoring in heterogeneous environment is proposed,which can be divided into four steps.Firstly,we exeract the execution traces in the third-party library test environment and the host application environment respectively when the original PoC is input.Secondly,we compare and analyze the two traces obtained in the first step to identify differences.Thirdly,we analyze codes at difference points to identify the key variables that cause the diffe-rences.Finally,we locate the key fields in the PoC that can affect the state of key variables,by mutating the key fields of the PoC,we try to modify the state of the key variables and align the difference paths,guide the execution flow of the host application to reach the vulnerability code,and eventually we complete the refactoring of the PoC.Experiments are carried out on 11 real-world PoCs,and the experimental results show that the proposed method can successfully verify the triggerability of the propagated vu-lnerability in the host application in a heterogeneous environment.

Subjects

Subjects :
poc
third-party library
heterogeneous environments
refactoring
Computer software
QA76.75-76.765
Technology (General)
T1-995

Details

Language :
Chinese
ISSN :
1002137X
Volume :
50
Issue :
4
Database :
Directory of Open Access Journals
Journal :
Jisuanji kexue
Publication Type :
Academic Journal
Accession number :
edsdoj.4fb0be9b2e8e4dfe85e380e01492a564
Document Type :
article
Full Text :
https://doi.org/10.11896/jsjkx.220500092
Full Text Access
View/download PDF

Tools

Authors Abstract Subjects Details