BScout: Direct whole patch presence test for Java executables

Jiarun Dai; Yuan Zhang; Zheyue Jiang; Yingtian Zhou; Junyan Chen; Xinyu Xing; Xiaohan Zhang; Xin Tan; Min Yang; Zhemin Yang

BScout: Direct whole patch presence test for Java executables

Jiarun Dai, Yuan Zhang, Zheyue Jiang, Yingtian Zhou, Junyan Chen, Xinyu Xing, Xiaohan Zhang, Xin Tan, Min Yang, Zhemin Yang

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

To protect end-users and software from known vulnerabilities, it is crucial to apply security patches to affected executables timely. To this end, patch presence tests are proposed with the capability of independently investigating patch application status on a target without source code. Existing work on patch presence testing adopts a signature-based approach. To make a trade-off between the uniqueness and the stability of the signature, existing work is limited to use a small and localized patch snippet (instead of the whole patch) for signature generation, so they are inherently unreliable. In light of this, we present BSCOUT, which directly checks the presence of a whole patch in Java executables without generating signatures. BSCOUT features several new techniques to bridge the semantic gap between source code and bytecode instructions during the testing, and accurately checks the fine-grained patch semantics in the whole target executable. We evaluate BScout with 194 CVEs from the Android framework and third-party libraries. The results show that it achieves remarkable accuracy with and without line number information (i.e., debug information) presented in a target executable. We further apply BSCOUT to perform a large-scale patch application practice study with 2,506 Android system images from 7 vendors. Our study reveals many findings that have not yet been reported.

Original language	English (US)
Title of host publication	Proceedings of the 29th USENIX Security Symposium
Publisher	USENIX Association
Pages	1147-1164
Number of pages	18
ISBN (Electronic)	9781939133175
State	Published - 2020
Event	29th USENIX Security Symposium - Virtual, Online Duration: Aug 12 2020 → Aug 14 2020

Publication series

Name	Proceedings of the 29th USENIX Security Symposium

Conference

Conference	29th USENIX Security Symposium
City	Virtual, Online
Period	8/12/20 → 8/14/20

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Access to Document

Fingerprint Dive into the research topics of 'BScout: Direct whole patch presence test for Java executables'. Together they form a unique fingerprint.

Cite this

@inproceedings{d3945221d6e84e03bea6593ed551acef,

title = "BScout: Direct whole patch presence test for Java executables",

abstract = "To protect end-users and software from known vulnerabilities, it is crucial to apply security patches to affected executables timely. To this end, patch presence tests are proposed with the capability of independently investigating patch application status on a target without source code. Existing work on patch presence testing adopts a signature-based approach. To make a trade-off between the uniqueness and the stability of the signature, existing work is limited to use a small and localized patch snippet (instead of the whole patch) for signature generation, so they are inherently unreliable. In light of this, we present BSCOUT, which directly checks the presence of a whole patch in Java executables without generating signatures. BSCOUT features several new techniques to bridge the semantic gap between source code and bytecode instructions during the testing, and accurately checks the fine-grained patch semantics in the whole target executable. We evaluate BScout with 194 CVEs from the Android framework and third-party libraries. The results show that it achieves remarkable accuracy with and without line number information (i.e., debug information) presented in a target executable. We further apply BSCOUT to perform a large-scale patch application practice study with 2,506 Android system images from 7 vendors. Our study reveals many findings that have not yet been reported.",

author = "Jiarun Dai and Yuan Zhang and Zheyue Jiang and Yingtian Zhou and Junyan Chen and Xinyu Xing and Xiaohan Zhang and Xin Tan and Min Yang and Zhemin Yang",

note = "Funding Information: We would like to thank our shepherd Martina Lindorfer and anonymous reviewers for their helpful comments. This work was supported in part by the National Natural Science Foundation of China (U1636204, U1836210, U1836213, U1736208, 61972099, 61602123, 61602121), Natural Science Foundation of Shanghai (19ZR1404800), and National Program on Key Basic Research (NO. 2015CB358800). Min Yang is the corresponding author, and a faculty of Shanghai Institute of Intelligent Electronics & Systems, Shanghai Institute for Advanced Communication and Data Science, and Engineering Research Center of CyberSecurity Auditing and Monitoring, Ministry of Education, China.; 29th USENIX Security Symposium ; Conference date: 12-08-2020 Through 14-08-2020",

year = "2020",

language = "English (US)",

series = "Proceedings of the 29th USENIX Security Symposium",

publisher = "USENIX Association",

pages = "1147--1164",

booktitle = "Proceedings of the 29th USENIX Security Symposium",

}

BScout : Direct whole patch presence test for Java executables. / Dai, Jiarun; Zhang, Yuan; Jiang, Zheyue; Zhou, Yingtian; Chen, Junyan; Xing, Xinyu; Zhang, Xiaohan; Tan, Xin; Yang, Min; Yang, Zhemin.

Proceedings of the 29th USENIX Security Symposium. USENIX Association, 2020. p. 1147-1164 (Proceedings of the 29th USENIX Security Symposium).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - BScout

T2 - 29th USENIX Security Symposium

AU - Dai, Jiarun

AU - Zhang, Yuan

AU - Jiang, Zheyue

AU - Zhou, Yingtian

AU - Chen, Junyan

AU - Xing, Xinyu

AU - Zhang, Xiaohan

AU - Tan, Xin

AU - Yang, Min

AU - Yang, Zhemin

N1 - Funding Information: We would like to thank our shepherd Martina Lindorfer and anonymous reviewers for their helpful comments. This work was supported in part by the National Natural Science Foundation of China (U1636204, U1836210, U1836213, U1736208, 61972099, 61602123, 61602121), Natural Science Foundation of Shanghai (19ZR1404800), and National Program on Key Basic Research (NO. 2015CB358800). Min Yang is the corresponding author, and a faculty of Shanghai Institute of Intelligent Electronics & Systems, Shanghai Institute for Advanced Communication and Data Science, and Engineering Research Center of CyberSecurity Auditing and Monitoring, Ministry of Education, China.

PY - 2020

Y1 - 2020

N2 - To protect end-users and software from known vulnerabilities, it is crucial to apply security patches to affected executables timely. To this end, patch presence tests are proposed with the capability of independently investigating patch application status on a target without source code. Existing work on patch presence testing adopts a signature-based approach. To make a trade-off between the uniqueness and the stability of the signature, existing work is limited to use a small and localized patch snippet (instead of the whole patch) for signature generation, so they are inherently unreliable. In light of this, we present BSCOUT, which directly checks the presence of a whole patch in Java executables without generating signatures. BSCOUT features several new techniques to bridge the semantic gap between source code and bytecode instructions during the testing, and accurately checks the fine-grained patch semantics in the whole target executable. We evaluate BScout with 194 CVEs from the Android framework and third-party libraries. The results show that it achieves remarkable accuracy with and without line number information (i.e., debug information) presented in a target executable. We further apply BSCOUT to perform a large-scale patch application practice study with 2,506 Android system images from 7 vendors. Our study reveals many findings that have not yet been reported.

AB - To protect end-users and software from known vulnerabilities, it is crucial to apply security patches to affected executables timely. To this end, patch presence tests are proposed with the capability of independently investigating patch application status on a target without source code. Existing work on patch presence testing adopts a signature-based approach. To make a trade-off between the uniqueness and the stability of the signature, existing work is limited to use a small and localized patch snippet (instead of the whole patch) for signature generation, so they are inherently unreliable. In light of this, we present BSCOUT, which directly checks the presence of a whole patch in Java executables without generating signatures. BSCOUT features several new techniques to bridge the semantic gap between source code and bytecode instructions during the testing, and accurately checks the fine-grained patch semantics in the whole target executable. We evaluate BScout with 194 CVEs from the Android framework and third-party libraries. The results show that it achieves remarkable accuracy with and without line number information (i.e., debug information) presented in a target executable. We further apply BSCOUT to perform a large-scale patch application practice study with 2,506 Android system images from 7 vendors. Our study reveals many findings that have not yet been reported.

UR - http://www.scopus.com/inward/record.url?scp=85091905497&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85091905497&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85091905497

T3 - Proceedings of the 29th USENIX Security Symposium

SP - 1147

EP - 1164

BT - Proceedings of the 29th USENIX Security Symposium

PB - USENIX Association

Y2 - 12 August 2020 through 14 August 2020

ER -