Localizing Patch Points From One Exploit

08/11/2020
by   Shiqi Shen, et al.
0

Automatic patch generation can significantly reduce the window of exposure after a vulnerability is disclosed. Towards this goal, a long-standing problem has been that of patch localization: to find a program point at which a patch can be synthesized. We present PatchLoc, one of the first systems which automatically identifies such a location in a vulnerable binary, given just one exploit, with high accuracy. PatchLoc does not make any assumptions about the availability of source code, test suites, or specialized knowledge of the vulnerability. PatchLoc pinpoints valid patch locations in large real-world applications with high accuracy for about 88 results stem from a novel approach to automatically synthesizing a test-suite which enables probabilistically ranking and effectively differentiating between candidate program patch locations.

READ FULL TEXT

page 1

page 2

page 3

page 4

10/11/2019

Repairnator patches programs automatically

Repairnator is a bot. It constantly monitors software bugs discovered du...
04/28/2020

Minority Reports Defense: Defending Against Adversarial Patches

Deep learning image classification is vulnerable to adversarial attack, ...
03/31/2021

Exploring Plausible Patches Using Source Code Embeddings in JavaScript

Despite the immense popularity of the Automated Program Repair (APR) fie...
11/02/2017

Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response

Considerable delays often exist between the discovery of a vulnerability...
10/25/2021

RoBin: Facilitating the Reproduction of Configuration-Related Vulnerability

Vulnerability reproduction paves a way in debugging software failures, w...
02/09/2022

Providing Real-time Assistance for Repairing Runtime Exceptions using Stack Overflow Posts

Runtime Exceptions (REs) are an important class of bugs that occur frequ...
12/07/2020

Vulnerability Forecasting: In theory and practice

Why wait for zero-days when you could predict them in advance? It is pos...