Tue 10 Nov 2020 08:39 - 08:40 at Virtual room 1 - Security

Mastering the knowledge about security-sensitive functions that can potentially result in bugs is valuable for detecting them. However, identifying this kind of function is not a trivial task. Introducing machine learning-based techniques to do the task is a natural choice. Unfortunately, the approach also requires considerable prior knowledge, e.g., sufficient labelled training samples. In practice, the requirement is often hard to meet.

In this paper, to solve the problem, we propose a novel and practical method called SinkFinder to automatically discover function pairs that we are interested in, which only requires very limited prior knowledge. SinkFinder first takes just one pair of well-known interesting functions as the initial seed to infer enough positive and negative training samples by means of sub-word word embedding. By using these samples, a support vector machine classifier is trained to identify more interesting function pairs. Finally, checkers equipped with the obtained knowledge can be easily developed to detect bugs in target systems. The experiments demonstrate that SinkFinder can successfully discover hundreds of interesting functions and detect dozens of previously unknown bugs from large-scale systems, such as Linux, OpenSSL and PostgreSQL.

Tue 10 Nov
Times are displayed in time zone: (UTC) Coordinated Universal Time

08:30 - 08:32
Talk
An Evaluation of Methods to Port Legacy Code to SGX Enclaves
Research Papers
Kripa Shanker (Indian Institute of Science, Bangalore), Arun Joseph (Indian Institute of Science, India), Vinod Ganapathy (Indian Institute of Science, India)
08:33 - 08:34
Talk
How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring Approach
Journal First
Chaima Abid (University of Michigan), Marouane Kessentini (University of Michigan), Vahid Alizadeh (DePaul University), Mouna Dhaouadi (University of Michigan), Rick Kazman (University of Hawai‘i at Mānoa)
08:35 - 08:36
Talk
Improving Cybersecurity Hygiene through JIT Patching
Industry Papers
Frederico Araujo (IBM T.J. Watson Research Center, New York, USA), Teryl Taylor (IBM Research, n.n.)
08:37 - 08:38
Talk
Search-Based Adversarial Testing and Improvement of Constrained Credit Scoring Systems
Research Papers
Salah Ghamizi (University of Luxembourg, Luxembourg), Maxime Cordy (University of Luxembourg, Luxembourg), Martin Gubri (University of Luxembourg, Luxembourg), Mike Papadakis (University of Luxembourg, Luxembourg), Andrey Boystov (University of Luxembourg, Luxembourg), Yves Le Traon (University of Luxembourg, Luxembourg), Anne Goujon (BGL BNP Paribas, Luxembourg)
08:39 - 08:40
Talk
SinkFinder: Harvesting Hundreds of Unknown Interesting Function Pairs with Just One Seed
Research Papers
Pan Bian (Renmin University of China, China), Bin Liang (Renmin University of China, China), Jianjun Huang (Renmin University of China, China), Wenchang Shi (Renmin University of China, China), Xidong Wang (Renmin University of China, China), Jian Zhang (Institute of Software at Chinese Academy of Sciences, China)
08:41 - 08:42
Talk
Taking the Middle Path: Learning About Security Through Online Social Interaction
Journal First
Tamara Lopez (The Open University), Thein Tun, Arosha K Bandara (The Open University), Mark Levine (Lancaster University), Bashar Nuseibeh (The Open University (UK) & Lero (Ireland)), Helen Sharp (The Open University)
08:43 - 09:00
Talk
Conversations on Security
Research Papers
Frederico Araujo (IBM T.J. Watson Research Center, New York, USA), Kripa Shanker (Indian Institute of Science, Bangalore), Pan Bian (Renmin University of China, China), Salah Ghamizi (SntT - University of Luxembourg), Tamara Lopez (The Open University), Chaima Abid (University of Michigan), M: Ben Hermann (Technical University Dortmund)