Contenu connexe
Similaire à [論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits (20)
[論文紹介] VCC-Finder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
- 1. VCC-FINDER: FINDING POTENTIALVULNERABILITIES
IN OPEN-SOURCE PROJECTSTO ASSIST CODE AUDITS
: ACM CCS 2015 http://
www.sigsac.org/ccs/CCS2015/
Henning Perl, Sergej Dechand, Matthew Smith, Daniel Arp,
FabianYamaguchi, Konrad Rieck, Sascha Fahl, andYasemin
Acar. 2015.VCCFinder: Finding PotentialVulnerabilities in
Open-Source Projects to Assist Code Audits. In
Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security (CCS '15).ACM,
NewYork, NY, USA, 426-437. DOI=http://dx.doi.org/
10.1145/2810103.2813604
: KentaYamamoto <ymkjp@jaist.ac.jp>
- 6. 3.VCC
66 , 170,860 , 718CVE
: C C++
VCC
https://www.dropbox.com/s/x1shbyw0nmd2x45/vcc-
database.dump?dl=0
VCC
- 10. VCC
15% VCC (96 )
3.1% (3 )
`blame`
`blame` 3
e.g. Update libtool to version 2.2.8. · vadz/
libtiff@31040a3 https://github.com/vadz/libtiff/commit/
31040a39
VCC-Finder
3.1%
VCC 640 169,502
CVE
- 14. 3-4.
Mann-Whitney U ( ;
2 )
VCC
VCC * 2
p < 0.000357, 0.01/28
( familywise error rate
)
effect size ( )
: `if` 70%
VCC
VCC
- 16. 4. VCC
VCC
Generality ( ):
Scalability ( ):
Explainability ( ):
Generalised Bag-of-Words Model
(SVM)
Git, GitHub
S
- 18. 4-2.
1 linear SupportVector Machines (SVM)
Linear SVM
SVM
LibLinear
VCC-Finder Linear SVM
LibLinear
2 VCC
ω
ω
φ(x) ω φ(x)
f(x) = (x), ω = Σs∈S ωs b(x, s)
cf.
Linear SVM
VCC C = 1,
W = 100
- 19. 5.
SVM (-2011) vs.
(2011-2014) cf.
(TP): SVM
CVE-2012-2119, Linux Karnel. ,
, `socket`
CVE-2013-0862, FFmpeg.
, 1
CVE-2014-1438, Linux Karnel. ,
, ,
`__input` `user`
CVE-2014-0148 Qemu.
"opaque", "*bs", "bytes"
(FP) : CVE
VCC
FFmpeg
cca1a42653 . :
, ,
- 22. : PRECISION-RECALL CURVE
Precision (P), Recall (R), true positives (Tp), false positive (Fp),
false negative (Fn)
P = Tp / (Tp + Fp)
R = Tp / (Fp + Fn)
Ref.“Image Matching in Large Scale Indoor Environment” -
http://www.cs.cmu.edu/~hebert/
indexing.html
- 23. VCC-FINDER
VCC goto
`goto` `out`
`error`
SVM `-EINVAL`
C goto
goto
`exception` `error-handling`
: Apple SSL/TSL
https://www.imperialviolet.org/2014/02/22/applebug.html
`sizeof` `len`, `length`
VCC `buf`, `net`, `socket`
1%
5 (
: p < 0.0001)
- 26. APPENDIX:
C C++
(Linux, Kerberos, OpenSSL, etc.)
66 GitHub
Portspoof, GnuPG, Kerberos, PHP, MapServer, HHVM, Mozilla
Gecko, Quagga, libav, Libreswan, Redland Raptor RDF syntax
library, charybdis, Jabberd2, ClusterLabs pacemaker, bdwgc,
pango, qemu, glibc, OpenVPN, torque, curl, jansson,
PostgreSQL, corosync, tinc, FFmpeg, nedmalloc, mosh, trojita,
inspircd, nspluginwrapper, cherokee webserver, openssl, libfep,
quassel, polarssl, radvd, tntnet,Android Platform Bionic, uzbl,
LibRaw, znc, nbd, Pidgin,V8, SpiderLabs ModSecurity, file,
graphviz, Linux Kernel, libti, ZRTPCPP, taglib, suhosin, Phusion
passenger, monkey, memcached, lxc, libguestfs, libarchive,
Beanstalkd, Flac, libX11, Xen, libvirt,Wireshark, and Apache
HTTPD