[論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
•
0 likes•786 views
1. VCC-Finder is a tool that uses machine learning to identify Vulnerability-Contributing Commits (VCCs) in open source projects from version control histories like Git in order to assist code audits. 2. It analyzed 66 open source projects written in C and C++ with over 170,000 commits total, and identified 640 VCCs corresponding to 718 CVEs, with a precision of 99% compared to existing static analysis tools. 3. The tool works by representing commits as bag-of-words models of code changes based on identifiers, then using a linear SVM classifier trained on prior VCCs to label new commits as vulnerability-contributing or not. This
Recommended
More Related Content
Viewers also liked
Similar to [論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
Similar to [論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits (20)
Recently uploaded
Recently uploaded (20)
[論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
- 1. VCC-FINDER: FINDING POTENTIALVULNERABILITIES IN OPEN-SOURCE PROJECTSTO ASSIST CODE AUDITS : ACM CCS 2015 http:// www.sigsac.org/ccs/CCS2015/ Henning Perl, Sergej Dechand, Matthew Smith, Daniel Arp, FabianYamaguchi, Konrad Rieck, Sascha Fahl, andYasemin Acar. 2015.VCCFinder: Finding PotentialVulnerabilities in Open-Source Projects to Assist Code Audits. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15).ACM, NewYork, NY, USA, 426-437. DOI=http://dx.doi.org/ 10.1145/2810103.2813604 : KentaYamamoto <ymkjp@jaist.ac.jp>
- 3. -VCC-FINDER VCC-Finder ( false-positive) “VCC” (Vulnerability-contributing Commits): CVE GitHub 640 VCC SVM FlawFinder recall false-positive 99%
- 4. - CVE 2000 1000 2010 4500 2014 8000 OSS if-statement switch-statement FlawFinder Flawfinder 53 true positive 5,460 false positive 1
- 5. FlawFinder Rats, Prefast, Splint Coventry SCM (Software configuration management) fix bug SVM C
- 6. 3.VCC 66 , 170,860 , 718CVE : C C++ VCC https://www.dropbox.com/s/x1shbyw0nmd2x45/vcc- database.dump?dl=0 VCC
- 7. #1 e.g. CVE GitHub CVE CVE 2 1. CVE 2. CVE ID 10% 718 CVE
- 8. #2 VCC VCC Git (`git blame` ) VCC 718 CVE 640 VCC VCC 1 CVE
- 9. #2VCC 1. 2. `blame` : diff 3. `blame` : fix 4. `blame` (VCC) `blame` VCC
- 10. VCC 15% VCC (96 ) 3.1% (3 ) `blame` `blame` 3 e.g. Update libtool to version 2.2.8. · vadz/ libtiff@31040a3 https://github.com/vadz/libtiff/commit/ 31040a39 VCC-Finder 3.1% VCC 640 169,502 CVE
- 12. 1
- 13. 3-2.VCC GitHub GitHub : i.e. / : 1 diff (hunk) : `bag of words` : C C++
- 14. 3-4. Mann-Whitney U ( ; 2 ) VCC VCC * 2 p < 0.000357, 0.01/28 ( familywise error rate ) effect size ( ) : `if` 70% VCC VCC
- 15. 2
- 16. 4. VCC VCC Generality ( ): Scalability ( ): Explainability ( ): Generalised Bag-of-Words Model (SVM) Git, GitHub S
- 17. 4-1. BAG-OF-WORDS S email φ φ: X → ℝ^|S|, φ: x ⟼ (b(x, s))s∈S X ,x ∈ X b(x, s) s x 0, 1 x 0
- 18. 4-2. 1 linear SupportVector Machines (SVM) Linear SVM SVM LibLinear VCC-Finder Linear SVM LibLinear 2 VCC ω ω φ(x) ω φ(x) f(x) = (x), ω = Σs∈S ωs b(x, s) cf. Linear SVM VCC C = 1, W = 100
- 19. 5. SVM (-2011) vs. (2011-2014) cf. (TP): SVM CVE-2012-2119, Linux Karnel. , , `socket` CVE-2013-0862, FFmpeg. , 1 CVE-2014-1438, Linux Karnel. , , , `__input` `user` CVE-2014-0148 Qemu. "opaque", "*bs", "bytes" (FP) : CVE VCC FFmpeg cca1a42653 . : , ,
- 21. VCC-FINDER FLAWFINDER 2 VCC-Finder vs. Flawfinder (precision) - (recall) Flawfinder
- 22. : PRECISION-RECALL CURVE Precision (P), Recall (R), true positives (Tp), false positive (Fp), false negative (Fn) P = Tp / (Tp + Fp) R = Tp / (Fp + Fn) Ref.“Image Matching in Large Scale Indoor Environment” - http://www.cs.cmu.edu/~hebert/ indexing.html
- 23. VCC-FINDER VCC goto `goto` `out` `error` SVM `-EINVAL` C goto goto `exception` `error-handling` : Apple SSL/TSL https://www.imperialviolet.org/2014/02/22/applebug.html `sizeof` `len`, `length` VCC `buf`, `net`, `socket` 1% 5 ( : p < 0.0001)
- 25. VCC-Finder Flawfinder C C++ 170,860 2010 2011 2014 Flawfinder 99% 219 53 Flawfinder 5460 36 VCC Flawfinder
- 26. APPENDIX: C C++ (Linux, Kerberos, OpenSSL, etc.) 66 GitHub Portspoof, GnuPG, Kerberos, PHP, MapServer, HHVM, Mozilla Gecko, Quagga, libav, Libreswan, Redland Raptor RDF syntax library, charybdis, Jabberd2, ClusterLabs pacemaker, bdwgc, pango, qemu, glibc, OpenVPN, torque, curl, jansson, PostgreSQL, corosync, tinc, FFmpeg, nedmalloc, mosh, trojita, inspircd, nspluginwrapper, cherokee webserver, openssl, libfep, quassel, polarssl, radvd, tntnet,Android Platform Bionic, uzbl, LibRaw, znc, nbd, Pidgin,V8, SpiderLabs ModSecurity, file, graphviz, Linux Kernel, libti, ZRTPCPP, taglib, suhosin, Phusion passenger, monkey, memcached, lxc, libguestfs, libarchive, Beanstalkd, Flac, libX11, Xen, libvirt,Wireshark, and Apache HTTPD
- 27. 1. (e.g. ref. https://twitter.com/ neubig/status/712857703241089024 ) VCC Flawfinder recall precision 99% 2 CVE CVE-ID CVE Linear SVM 2. Git 4. 5 5. Prophet VCC-Finder ref. http://people.csail.mit.edu/fanl/papers/prophet-popl16.pdf
- 28. THANKYOU FORYOUR ATTENTION Donating to OpenSSL https://www.openssl.org/support/donations.html