TY - GEN
T1 - PPTFI
T2 - 20th International Conference on Mobility, Sensing and Networking, MSN 2024
AU - He, Daojing
AU - Zhang, Juzheng
AU - Li, Hongyi
AU - Zhu, Sencun
AU - Chan, Sammy
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - In the past decades, downstream manufacturers often failed to timely adopt the security patches, resulting in some discovered vulnerabilities still posing serious risks. In the currently popular field of blockchain smart contracts, this is also a thorny issue. Although some new methods have been proposed to update and patch smart contracts deployed in blockchain networks, the binary codes of most vulnerable smart contracts are still being executed without patching. To detect the unpatched binaries as soon as possible, signature-based patch presence tests and software similarity-based patch presence tests have been proposed to check whether a certain patch is applied to the released software binaries. However, a large number of bug-fix patches are irrelevant to functions. They are small in size and only modify program entities other than functions. Existing signature-based patch detection methods and software similarity-based tools have limitations in detecting such patches. In this paper, we propose PPTFI, a patch presence test for function-irrelevant patches. PPTFI understands these patches and extracts code and data information as patch signatures for scanning target binaries. Being evaluated on 62 different versions of 31 real-world function-irrelevant patches and 512 binaries across 16 various compilation environments, PPTFI achieves an accuracy of 77.54%, significantly outperforming existing techniques.
UR - https://www.scopus.com/pages/publications/105010319224
UR - https://www.scopus.com/pages/publications/105010319224#tab=citedBy
U2 - 10.1109/MSN63567.2024.00070
DO - 10.1109/MSN63567.2024.00070
M3 - Conference contribution
AN - SCOPUS:105010319224
T3 - Proceedings - 2024 20th International Conference on Mobility, Sensing and Networking, MSN 2024
SP - 461
EP - 468
BT - Proceedings - 2024 20th International Conference on Mobility, Sensing and Networking, MSN 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 20 December 2024 through 22 December 2024
ER -