Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

There are More Fish in the Sea: Automated Vulnerability Repair via Binary Templates

Bo Lin, Shangwen Wang, Liqian Chen, Xiaoguang Mao

TL;DR

This paper proposes a template-based automated vulnerability repair approach for Java binaries built on top of the literature, and collects fix templates from both existing template-based automated program repair approaches and vulnerability-specific analyses, which are then implemented for the Java binaries.

Abstract

As software vulnerabilities increase in both volume and complexity, vendors often struggle to repair them promptly. Automated vulnerability repair has emerged as a promising solution to reduce the burden of manual debugging and fixing activities. However, existing techniques exclusively focus on repairing the vulnerabilities at the source code level, which has various limitations. For example, they are not applicable to those (e.g., users or security analysts) who do not have access to the source code. Consequently, this restricts the practical application of these techniques, especially in cases where vendors are unable to provide timely patches. In this paper, we aim to address the above limitations by performing vulnerability repair at binary code level, and accordingly propose a template-based automated vulnerability repair approach for Java binaries. Built on top of the literature, we collect fix templates from both existing template-based automated program repair approaches and vulnerability-specific analyses, which are then implemented for the Java binaries. Our systematic application of these templates effectively mitigates vulnerabilities: experiments on the Vul4J dataset demonstrate that TemVUR successfully repairs 11 vulnerabilities, marking a notable 57.1% improvement over current repair techniques. Moreover, TemVUR securely fixes 66.7% more vulnerabilities compared to leading techniques (15 vs. 9), underscoring its effectiveness in mitigating the risks posed by these vulnerabilities. To assess the generalizability of TemVUR, we curate the ManyVuls4J dataset, which goes beyond Vul4J to encompass a wider diversity of vulnerabilities. With 30% more vulnerabilities than its predecessor (increasing from 79 to 103). The evaluation on ManyVuls4J reaffirms TemVUR's effectiveness and generalizability across a diverse set of real-world vulnerabilities.

There are More Fish in the Sea: Automated Vulnerability Repair via Binary Templates

TL;DR

This paper proposes a template-based automated vulnerability repair approach for Java binaries built on top of the literature, and collects fix templates from both existing template-based automated program repair approaches and vulnerability-specific analyses, which are then implemented for the Java binaries.

Abstract

As software vulnerabilities increase in both volume and complexity, vendors often struggle to repair them promptly. Automated vulnerability repair has emerged as a promising solution to reduce the burden of manual debugging and fixing activities. However, existing techniques exclusively focus on repairing the vulnerabilities at the source code level, which has various limitations. For example, they are not applicable to those (e.g., users or security analysts) who do not have access to the source code. Consequently, this restricts the practical application of these techniques, especially in cases where vendors are unable to provide timely patches. In this paper, we aim to address the above limitations by performing vulnerability repair at binary code level, and accordingly propose a template-based automated vulnerability repair approach for Java binaries. Built on top of the literature, we collect fix templates from both existing template-based automated program repair approaches and vulnerability-specific analyses, which are then implemented for the Java binaries. Our systematic application of these templates effectively mitigates vulnerabilities: experiments on the Vul4J dataset demonstrate that TemVUR successfully repairs 11 vulnerabilities, marking a notable 57.1% improvement over current repair techniques. Moreover, TemVUR securely fixes 66.7% more vulnerabilities compared to leading techniques (15 vs. 9), underscoring its effectiveness in mitigating the risks posed by these vulnerabilities. To assess the generalizability of TemVUR, we curate the ManyVuls4J dataset, which goes beyond Vul4J to encompass a wider diversity of vulnerabilities. With 30% more vulnerabilities than its predecessor (increasing from 79 to 103). The evaluation on ManyVuls4J reaffirms TemVUR's effectiveness and generalizability across a diverse set of real-world vulnerabilities.

Paper Structure

This paper contains 38 sections, 5 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Background and Related Works
  3. Software Vulnerabilities
  4. Automated Vulnerability Repair
  5. Java Binary
  6. TemVUR
  7. Fix Template Definition
  8. Fault Localization
  9. Template Selection
  10. Patch Generation and Validation
  11. Implementation Details
  12. Study Design
  13. Research Questions
  14. Settings
  15. Baselines.
  16. ...and 23 more sections

Figures (5)

  • Figure 1: The overall workflow of TemVUR.
  • Figure 2: The overlaps of the vulnerabilities fixed by different approaches.
  • Figure 3: The patch from the developer for the Vul4J-46 vulnerability.
  • Figure 4: The patches from the developer and TemVUR for the Vul4J-23 vulnerability.
  • Figure 5: The patches and donor code for Vul4J-59.