Operation System Vulnerabilities Analysis Based on Code Clone Detection

doi:10.3778/j.issn.1673-9418.2008083

Abstract

Abstract:

Software vulnerability detection based on code clone detection technology is an important direction in the static analysis of software vulnerability. At present, the existing software vulnerability detection tools have deficie-ncies in the vulnerability detection for large-scale code sets, and lack of optimization for the vulnerability characte-ristics of the operating system. Therefore, based on the code clone detection technology, this paper proposes a method for detecting the vulnerability of the operating system. Firstly, on the basis of the general “code representation-extracting features-feature comparison” detection process, a pre-screening mechanism based on the type of operating system software package and function code size is added to exclude most irrelevant code before performing code representation. Secondly, the basic information of the function, the label sequence and the control flow path are selected to extract the code features, and the similarity between the fragile code and the code under test is compared step by step. Finally, experiments are conducted on typical open source operating systems with fragile samples obtained from the public vulnerability database. The results show that the pre-screening can effectively reduce the code size of the test subjects, and the average accuracy of the detection results reaches 84%.

Key words: vulnerability detection, code clone, operating system, code feature, static analysis

摘要：

基于代码克隆检测技术进行软件脆弱性检测，是软件脆弱性静态分析中的一个重要方向。目前，已有软件脆弱性检测工具在面向大规模代码集的脆弱性检测方面存在不足，且缺乏针对操作系统脆弱性的优化。为此，基于代码克隆检测技术，提出了一种操作系统脆弱性检测方法。首先在一般的“代码表征—提取特征—特征比对”检测流程的基础上，加入了基于操作系统软件包类型和函数代码规模的预筛选机制，在进行代码表征之前排除大部分无关代码。其次选择函数基本信息、符号序列和控制流路径三个角度提取代码特征，逐级比较脆弱代码和待测代码的相似度。最后从公开脆弱性数据库获取脆弱样本，对典型开源操作系统进行了实验，结果显示预筛选能够有效缩减实验对象的代码规模，而检测结果的平均精确度达到了84%。

关键词: 脆弱性检测, 代码克隆, 操作系统, 代码特征, 静态分析

WANG Zhe, REN Yi, ZHOU Kai, GUAN Jianbo, TAN Yusong. Operation System Vulnerabilities Analysis Based on Code Clone Detection[J]. Journal of Frontiers of Computer Science and Technology, 2021, 15(9): 1619-1631.

汪哲, 任怡, 周凯, 管剑波, 谭郁松. 基于代码克隆检测的操作系统脆弱性分析方法[J]. 计算机科学与探索, 2021, 15(9): 1619-1631.

References

[1] ROY C K, CORDY J R. A survey on software clone detection research: 2007-541[R]. Queen??s University at Kingston, 2007.
[2] ROY C K, CORDY J R. An empirical study of function clones in open source software[C]//Proceedings of the 15th Working Conference on Reverse Engineering, Antwerp, Oct 15-18, 2008. Washington: IEEE Computer Society, 2008: 81-90.
[3] XIONG H, YAN H H, GUO T, et al. Code similarity detec-tion: a survey[J]. Computer Science, 2010, 37(8): 9-14.
熊浩, 晏海华, 郭涛, 等. 代码相似性检测技术: 研究综述[J]. 计算机科学, 2010, 37(8): 9-14.
[4] WANG S, MAO X, YI X. Dissection on Java organs in GitHub repositories[J]. IEEE Access, 2019, 7: 62561-62576.
[5] CHATTERJI D, CARVER J C, KRAFT N A, et al. Effects of cloned code on software maintainability: a replicated developer study[C]//Proceedings of the 20th Working Con-ference on Reverse Engineering, Koblenz, Oct 14-17, 2013. Washington: IEEE Computer Society, 2013: 112-121.
[6] CHATTERJI D, CARVER J C, MASSENGIL B, et al. Mea-suring the efficacy of code clone information in a bug loca-lization task: an empirical study[C]//Proceedings of the 5th International Symposium on Empirical Software Enginee-ring and Measurement, Banff, Sep 22-23, 2011. Washington: IEEE Computer Society, 2011: 20-29.
[7] XUE J, MAO X, LU Y, et al. History-driven fix for code quality issues[J]. IEEE Access, 2019, 7: 111637-111648.
[8] KOSCHKE R. Large-scale inter-system clone detection using suffix trees[C]//Proceedings of the 16th European Conference on Software Maintenance and Reengineering, Szeged, Mar 27-30, 2012. Washington: IEEE Computer Society, 2012: 309-318.
[9] GERMáN D M, DI PENTA M, GUéHéNEUC Y G, et al. Code siblings: technical and legal implications of copying code between applications[C]//Proceedings of the 6th Inter-national Working Conference on Mining Software Reposi-tories, Vancouver, May 16-17, 2009. Washington: IEEE Com-puter Society, 2009: 81-90.
[10] HEMEL A, KOSCHKE R. Reverse engineering variability in source code using clone detection: a case study for linux variants of consumer electronic devices[C]//Proceedings of the 19th Working Conference on Reverse Engineering, King-ston, Oct 15-18, 2012. Washington: IEEE Computer Society, 2012: 357-366.
[11] YAMASHINA T, UWANO H, FUSHIDA K, et al. SHINOBI: a real-time code clone detection tool for software maintenance[R]. Nara Institute of Science and Technology, 2008.
[12] KEIVANLOO I, RILLING J, CHARLAND P. Internet-scale real-time code clone search via multi-level indexing[C]//Proceedings of the 18th Working Conference on Reverse Engineering, Limerick, Oct 17-20, 2011. Washington: IEEE Computer Society, 2011: 23-27.
[13] SVAJLENKO J, KEIVANLOO I, ROY C K. Scaling classical clone detection tools for ultra-large datasets: an exploratory study[C]//Proceeding of the 7th International Workshop on Software Clones, San Francisco, May 19, 2013. Washington: IEEE Computer Society, 2013: 16-22.
[14] LI Z M, LU S, MYAGMAR S, et al. CP-Miner: finding copy-paste and related bugs in large-scale software code[J]. IEEE Transactions on Software Engineering, 2006, 32(3): 176-192.
[15] CHOU A, YANG J F, CHELF B, et al. An empirical study of operating systems errors[C]//Proceedings of the 18th ACM Symposium on Operating System Principles, Chateau Lake Louise, Oct 21-24, 2001. New York: ACM, 2001: 73-88.
[16] PHAM N H, NGUYEN T T, NGUYEN H A, et al. Detection of recurring software vulnerabilities[C]//Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering, Antwerp, Sep 20-24, 2010. New York: ACM, 2010: 447-456.
[17] BELLON S, KOSCHKE R, ANTONIOL G, et al. Comparison and evaluation of clone detection tools[J]. IEEE Transactions on Software Engineering, 2007, 33(9): 577-591.
[18] ROY C K, CORDY J R. NICAD: accurate detection of near-miss intentional clones using flexible pretty-printing and code normalization[C]//Proceedings of the 16th IEEE International Conference on Program Comprehension, Amsterdam, Jun 10-13, 2008. Washington: IEEE Computer Society, 2008: 172-181.
[19] BAKER B S. On finding duplication and near-duplication in large software systems[C]//Proceedings of the 2nd Working Conference on Reverse Engineering, Toronto, Jul 14-16, 1995. Washington: IEEE Computer Society, 1995: 86-95.
[20] KAMIYA T, KUSUMOTO S, INOUE K. CCFinder: a multi-linguistic token-based code clone detection system for large scale source code[J]. IEEE Transactions on Software Engi-neering, 2002, 28(7): 654-670.
[21] WANG P C, SVAJLENKO J, WU Y Z, et al. CCAligner: a token based large-gap clone detector[C]//Proceedings of the 40th International Conference on Software Engineering, Gothe-nburg, May 27-Jun 3, 2018. New York: ACM, 2018: 1066-1077.
[22] LI L Q, FENG H, ZHUANG W J, et al. CClearner: a deep learning-based clone detection approach[C]//Proceedings of the 2017 IEEE International Conference on Software Main-tenance and Evolution, Shanghai, Sep 17-22, 2017. Washing-ton: IEEE Computer Society, 2017: 249-260.
[23] JIANG L X, MISHERGHI G, SU Z D, et al. Deckard: scalable and accurate tree-based detection of code clones[C]//Proceedings of the 29th International Conference on Software Engineering, Minneapolis, May 20-26, 2007. Washing-ton: IEEE Computer Society, 2007: 96-105.
[24] LIU C, CHEN C, HAN J W, et al. GPLAG: detection of software plagiarism by program dependence graph analysis[C]//Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Phila-delphia, Aug 20-23, 2006. New York: ACM, 2006: 872-881.
[25] SAINI V, FARMAHINIFARAHANI F, LU Y D, et al. Oreo: detection of clones in the twilight zone[C]//Proceedings of the 2018 ACM Joint Meeting on European Software Engi-neering Conference and Symposium on the Foundations of Software Engineering, Lake Buena Vista, Nov 4-9, 2018. New York: ACM, 2018: 354-365.
[26] KONTOGIANNIS K A, DEMORI R, MERLO E, et al. Pattern matching for clone and concept detection[J]. Auto-mated Software Engineering, 1996, 3(1/2): 77-108.
[27] LI J Y, ERNST M D. CBCD: cloned buggy code detector[C]//Proceedings of the 34th International Conference on Software Engineering, Zurich, Jun 2-9, 2012. Washington: IEEE Computer Society, 2012: 310-320.
[28] CHANG C, LIU K S, ZHAO J, et al. Clone flaw detection method based on clone code detection[J]. Systems Enginee-ring and Electronics, 2017, 39(9): 2157-2164.
常超, 刘克胜, 赵军, 等. 基于复用代码检测的缺陷发现方法[J]. 系统工程与电子技术, 2017, 39(9): 2157-2164.
[29] JANG J Y, AGRAWAL A, BRUMLEY D. ReDeBug: finding unpatched code clones in entire OS distributions[C]//Pro-ceedings of the 2012 IEEE Symposium on Security and Privacy, San Francisco, May 21-23, 2012. Washington: IEEE Computer Society, 2012: 48-62.