Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Path-wise Vulnerability Mitigation

Zhen Huang, Hristina Dokic

TL;DR

Path-wise vulnerability mitigation tackles the pre-patch window by introducing mitigation patches that target vulnerable program paths rather than entire functions. PAVER builds a program path graph through static analysis, identifies candidate patch locations at first non-conditional successors of conditionals, and synthesizes patches that divert control to existing error handling, ranking them by preserved functionality ratio ($PFR$). The approach is evaluated on real-world vulnerabilities and shows that path-wise patches often preserve significantly more functionality than function-level patches like Talos, while still preventing exploitation. These results suggest that rapid, low-side-effect mitigation patches can substantially reduce the risk window before vulnerability fixes are released, with practical impact for software defense.

Abstract

Software vulnerabilities are prevalent but fixing software vulnerabilities is not trivial. Studies have shown that a considerable prepatch window exists because it often takes weeks or months for software vendors to fix a vulnerability. Existing approaches aim to reduce the pre-patch window by generating and applying mitigation patches that prevent adversaries from exploiting vulnerabilities rather than fix vulnerabilities. Because mitigation patches typically terminate the execution of vulnerability-triggering program paths at the level of functions, they can have significant side-effects. This paper describes an approach called PAVER that generates and inserts mitigation patches at the level of program paths, i.e. path-wise vulnerability mitigation patches, in order to reduce their side-effects. PAVER generates a program path graph that includes the paths leading to vulnerabilities and the control dependencies on these paths, then identifies candidate patch locations based on the program path graph. For each candidate patch location, PAVER generates and inserts a mitigation patch, and tests the patched program to assess the side-effect of the patch. It ranks the patches by the extent of their side-effects. We evaluates the prototype of PAVER on real world vulnerabilities and the evaluation shows that our path-wise vulnerability mitigation patches can achieve minimum side-effects.

Path-wise Vulnerability Mitigation

TL;DR

Path-wise vulnerability mitigation tackles the pre-patch window by introducing mitigation patches that target vulnerable program paths rather than entire functions. PAVER builds a program path graph through static analysis, identifies candidate patch locations at first non-conditional successors of conditionals, and synthesizes patches that divert control to existing error handling, ranking them by preserved functionality ratio (). The approach is evaluated on real-world vulnerabilities and shows that path-wise patches often preserve significantly more functionality than function-level patches like Talos, while still preventing exploitation. These results suggest that rapid, low-side-effect mitigation patches can substantially reduce the risk window before vulnerability fixes are released, with practical impact for software defense.

Abstract

Software vulnerabilities are prevalent but fixing software vulnerabilities is not trivial. Studies have shown that a considerable prepatch window exists because it often takes weeks or months for software vendors to fix a vulnerability. Existing approaches aim to reduce the pre-patch window by generating and applying mitigation patches that prevent adversaries from exploiting vulnerabilities rather than fix vulnerabilities. Because mitigation patches typically terminate the execution of vulnerability-triggering program paths at the level of functions, they can have significant side-effects. This paper describes an approach called PAVER that generates and inserts mitigation patches at the level of program paths, i.e. path-wise vulnerability mitigation patches, in order to reduce their side-effects. PAVER generates a program path graph that includes the paths leading to vulnerabilities and the control dependencies on these paths, then identifies candidate patch locations based on the program path graph. For each candidate patch location, PAVER generates and inserts a mitigation patch, and tests the patched program to assess the side-effect of the patch. It ranks the patches by the extent of their side-effects. We evaluates the prototype of PAVER on real world vulnerabilities and the evaluation shows that our path-wise vulnerability mitigation patches can achieve minimum side-effects.
Paper Structure (15 sections, 2 figures, 3 tables)

This paper contains 15 sections, 2 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Problem Definition
  3. Design
  4. Overview
  5. Finding Vulnerable Paths
  6. Identifying Patch Locations
  7. Synthesizing and Ranking Patches
  8. Evaluation
  9. Measuring Side-effects
  10. Benchmarks
  11. Side-effects of Patches
  12. Levels of Patches
  13. Related Work
  14. Limitations
  15. Conclusion

Figures (2)

  • Figure 1: Example path-wise vulnerability mitigation patch locations: both path a-1-b-2-c-4-5 and path a-1-b-3-c-4-5 lead to a vulnerability; basic block 1, 4, or basic blocks 2 and 3 are candidate patch locations; dotted arrows denote control dependencies.
  • Figure 2: Workflow of PAVER.