Silent Taint-Style Vulnerability Fixes Identification
The coordinated vulnerability disclosure model, widely adopted in open-source software (OSS) organizations, recommends the silent resolution of vulnerabilities without revealing vulnerability information until their public disclosure. However, the inherently public nature of OSS development leads to security fixes becoming publicly available in repositories weeks before the official disclosure of vulnerabilities. This time gap poses a significant security risk to OSS users, as attackers could discover the fix and exploit vulnerabilities before disclosure. Thus, there is a critical need for OSS users to sense fixes as early as possible to address the vulnerability before any exploitation occurs.
In response to this challenge, we introduce EarlyVulnFix, a novel approach designed to identify silent fixes for taint-style vulnerabilities—a persistent class of security weaknesses where attacker-controlled input reaches a sensitive operation (a sink) without proper sanitization. Leveraging data flow and dependency analysis, our tool distinguishes two types of connections between newly introduced code and sinks, tailored to two common fix scenarios. Our evaluation demonstrates that EarlyVulnFix surpasses state-of-the-art baselines by a substantial margin in terms of F1 score. Furthermore, when applied to the 700 latest commits across seven projects, EarlyVulnFix detected three security fixes before their respective security releases, highlighting its effectiveness in identifying unreported vulnerability fixes in the wild.
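To make the idea concrete, here is an added toy illustration (not the EarlyVulnFix tool or the paper's algorithm): a tiny intra-procedural taint analysis over a made-up statement syntax that, for each sink fed by a source, reports whether the commit's new statements sit on the source-to-sink data flow (an inserted sanitizer) or guard the sink with an added check. The two connection kinds, the source/sink names, and the before/after snippets are assumptions constructed for this example.

```python
import re

# Assumed toy vocabulary: which calls are taint sources and sensitive sinks.
SOURCES = {"request_param"}
SINKS = {"open_file"}
# Toy statement syntax: "x = f(a, b)", "f(a)", or the guard "if f(a): return".
STMT = re.compile(r"^(?:(\w+)\s*=\s*)?(?:if\s+)?(\w+)\((.*?)\)(?::\s*return)?$")

def classify_fix(after, new_lines):
    """Analyse the post-commit body `after` (list of statements) and report,
    for every sink reached by a source, how the added statements (0-based
    indices in `new_lines`) connect to it: 'dataflow' (an added statement lies
    on the source-to-sink data flow, e.g. a sanitizer), 'control' (the sink is
    guarded by an added early-return check on a tainted variable) or 'none'."""
    new, flow, guards, result = set(new_lines), {}, [], {}
    for i, text in enumerate(after):
        m = STMT.match(text.strip())
        if not m:
            continue
        target, func, args = m.groups()
        uses = set(re.findall(r"\w+", args))
        # Statements that contributed to the taint of the arguments used here.
        tainted = set().union(*(flow.get(u, set()) for u in uses))
        if func in SOURCES:
            tainted = {i}
        if target:                              # assignment (re)defines taint
            if tainted:
                flow[target] = tainted | {i}
            else:
                flow.pop(target, None)          # overwritten with clean data
        elif text.strip().startswith("if"):     # guard with early return
            guards.append((i, uses))
        elif func in SINKS and tainted:
            tainted_vars = {u for u in uses if u in flow}
            guarding = [g for g, gu in guards if g in new and gu & tainted_vars]
            result[i] = "dataflow" if tainted & new else "control" if guarding else "none"
    return result

# Constructed samples: three commits touching a path-traversal-style flow.
SANITIZER_FIX = ["name = request_param(req)", "name = sanitize(name)",
                 "path = join(base, name)", "open_file(path)"]
GUARD_FIX = ["name = request_param(req)", "path = join(base, name)",
             "if is_unsafe(path): return", "open_file(path)"]
UNRELATED = ["name = request_param(req)", "log(name)",
             "path = join(base, name)", "open_file(path)"]
```

Calling `classify_fix(SANITIZER_FIX, [1])` yields `{3: "dataflow"}`, `classify_fix(GUARD_FIX, [2])` yields `{3: "control"}`, and the logging-only change yields `{3: "none"}`; a real tool must additionally handle branches, loops, calls across functions and sanitizer semantics, which this toy deliberately omits.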
Thu 19 Sep (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)

15:30 - 17:10 | Vulnerabilities and Malware (Technical Papers) at EI 10 Fritz Paschke. Chair(s): Wei You (Renmin University of China)

15:30 (20m, Talk) | Silent Taint-Style Vulnerability Fixes Identification. Technical Papers. Zhongzhen Wen (Nanjing University), Jiayuan Zhou (Huawei), Minxue Pan (Nanjing University), Shaohua Wang (Central University of Finance and Economics), Xing Hu (Zhejiang University), Tongtong Xu (Huawei), Tian Zhang (Nanjing University), Xuandong Li (Nanjing University)

15:50 (20m, Talk) | FortifyPatch: Towards Tamper-Resistant Live Patching in Linux-Based Hypervisor. Technical Papers. Zhenyu Ye (Hunan University), Lei Zhou (National University of Defense Technology), Fengwei Zhang (Southern University of Science and Technology), Wenqiang Jin (Hunan University), Zhenyu Ning (Hunan University; Xinchuang Haihe Laboratory), Yupeng Hu (Hunan University), Zheng Qin (Hunan University)

16:10 (20m, Talk) | Maltracker: A Fine-Grained NPM Malware Tracker Copiloted by LLM-Enhanced Dataset. Technical Papers. Zeliang Yu (Huazhong University of Science and Technology), Ming Wen (Huazhong University of Science and Technology), Xiaochen Guo (Huazhong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology)

16:30 (20m, Talk) | PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open-Source Software. Technical Papers. Kaixuan Li (East China Normal University; Nanyang Technological University), Jian Zhang (Nanyang Technological University), Sen Chen (Tianjin University), Han Liu (East China Normal University), Yang Liu (Nanyang Technological University), Yixiang Chen (East China Normal University)

16:50 (20m, Talk) | An Empirical Study of Static Analysis Tools for Secure Code Review. Technical Papers. Wachiraphan (Ping) Charoenwet (University of Melbourne), Patanamon Thongtanunam (University of Melbourne), Thuan Pham (University of Melbourne), Christoph Treude (Singapore Management University)