A5101726649- Advanced Malware Detection Techniques
- Web Application Security Vulnerabilities
- Software Testing and Debugging Techniques
- Software Engineering Research
- Security and Verification in Computing
Institute of Information Engineering
2023
University of Chinese Academy of Sciences
2023
Third-party libraries (TPLs) are extensively utilized by developers to expedite the software development process and incorporate external functionalities. Nevertheless, insecure TPL reuse can lead significant security risks. Existing methods, which involve extracting strings or conducting function matching, employed determine presence of code in target binary. However, these methods often yield unsatisfactory results due recurrence numerous similar non-homologous functions. Furthermore,...
Code reuse in software development frequently facilitates the spread of vulnerabilities, making scope affected CVE reports imprecise. Traditional methods primarily focus on identifying reused vulnerability code within target software, yet they cannot verify if these vulnerabilities can be triggered new contexts. This limitation often results false positives. In this paper, we introduce TransferFuzz, a novel verification framework, to whether propagated through software. Innovatively,...
Third-party libraries (TPLs) are extensively utilized by developers to expedite the software development process and incorporate external functionalities. Nevertheless, insecure TPL reuse can lead significant security risks. Existing methods employed determine presence of code in target binary. methods, which involve extracting strings or conducting function matching, However, these often yield unsatisfactory results due recurrence numerous similar non-homologous functions. Additionally,...