Reference-based Automatic Security Patch Generation

Abstract

Existing automatic program repair (APR) solutions still face two challenges when fixing vulnerable programs. First, the fault localization stage may mark too many potentially faulty statements and assign low priority to the truly vulnerable ones. Second, it is hard to guarantee the correctness of the generated patches even if they have passed the given tests (i.e., the overfitting problem). Moreover, previous APR approaches focus more on integrating the invariant into the original condition when the target location is an if, for, or while statement, or on generating an if-guard, but they cannot fix other types of vulnerabilities, such as double-free or use-after-free, that are due to mismatched allocation and deallocation functions. In this work, we propose to use reference implementations, including both a vulnerable reference code and a patched reference code, for automatically patching a target vulnerable code that semantically implements an equivalent functionality (e.g., quick search vs. linear search). We aim to solve three challenging problems: (i) how to recognize the types of vulnerabilities? (ii) how to decide the set of components for a specific type of vulnerability? (iii) how to synthesize patches for different types of vulnerabilities (difficulty level)? With the inferred vulnerability and desired specification retrieved from the reference implementations, our solution can bring three major benefits, namely, more accurately locating the vulnerable statements in the target program, generating the input condition for symbolic execution on the target program, and synthesizing/prioritizing the patch templates for the target program.

Document Details

Document Type
DoD Grant Award
Publication Date
Jan 12, 2023
Source ID
N000142312122

Entities

People

  • Kun Sun

Organizations

  • George Mason University
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Computer Vision.
  • Cybersecurity.
  • Parallel and Distributed Computing.

Technology Areas

  • AI & ML
  • AI & ML - Machine Learning Algorithms