Test mimicry to assess the exploitability of library vulnerabilities

Modern software engineering projects often depend on open-source software libraries, rendering them vulnerable to potential security issues in these libraries. Developers of client projects have to stay alert to security threats in the software dependencies. While there are existing tools that allow...

Bibliographic Details
Main Authors: KANG, Hong Jin, NGUYEN, Truong Giang, LE, Bach, PASAREANU, Corina S., LO, David
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2022
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/7626
https://ink.library.smu.edu.sg/context/sis_research/article/8629/viewcontent/Test_mimicry_to_assess_the_exploitability_of_library_vulnerabilities.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-8629
record_format dspace
spelling sg-smu-ink.sis_research-8629 2023-01-10T04:01:34Z
Test mimicry to assess the exploitability of library vulnerabilities
KANG, Hong Jin; NGUYEN, Truong Giang; LE, Bach; PASAREANU, Corina S.; LO, David
Modern software engineering projects often depend on open-source software libraries, rendering them vulnerable to potential security issues in these libraries. Developers of client projects have to stay alert to security threats in the software dependencies. While there are existing tools that allow developers to assess if a library vulnerability is reachable from a project, they face limitations. Call graph-only approaches may produce false alarms as the client project may not use the vulnerable code in a way that triggers the vulnerability, while test generation-based approaches face difficulties in overcoming the intrinsic complexity of exploiting a vulnerability, where extensive domain knowledge may be required to produce a vulnerability-triggering input. In this work, we propose a new framework named Test Mimicry, that constructs a test case for a client project that exploits a vulnerability in its library dependencies. Given a test case in a software library that reveals a vulnerability, our approach captures the program state associated with the vulnerability. Then, it guides test generation to construct a test case for the client program to invoke the library such that it reaches the same program state as the library’s test case. Our framework is implemented in a tool, Transfer, which uses search-based test generation. Based on the library’s test case, we produce search goals that represent the program state triggering the vulnerability. Our empirical evaluation on 22 real library vulnerabilities and 64 client programs shows that Transfer outperforms an existing approach, Siege; Transfer generates 4x more test cases that demonstrate the exploitability of vulnerabilities from client projects than Siege.
2022-07-01T07:00:00Z text application/pdf
https://ink.library.smu.edu.sg/sis_research/7626
info:doi/10.1145/3533767.3534398
https://ink.library.smu.edu.sg/context/sis_research/article/8629/viewcontent/Test_mimicry_to_assess_the_exploitability_of_library_vulnerabilities.pdf
http://creativecommons.org/licenses/by-nc-nd/4.0/
Research Collection School Of Computing and Information Systems
eng
Institutional Knowledge at Singapore Management University
Library vulnerabilities; Search-based test generation; Artificial Intelligence and Robotics; Databases and Information Systems; Information Security; Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Library vulnerabilities
Search-based test generation
Artificial Intelligence and Robotics
Databases and Information Systems
Information Security
Software Engineering
format text
author KANG, Hong Jin
NGUYEN, Truong Giang
LE, Bach
PASAREANU, Corina S.
LO, David
title Test mimicry to assess the exploitability of library vulnerabilities
publisher Institutional Knowledge at Singapore Management University
publishDate 2022
url https://ink.library.smu.edu.sg/sis_research/7626
https://ink.library.smu.edu.sg/context/sis_research/article/8629/viewcontent/Test_mimicry_to_assess_the_exploitability_of_library_vulnerabilities.pdf