ESEC/FSE 2021
Thu 19 - Sat 28 August 2021 Clowdr Platform
Thu 26 Aug 2021 17:10 - 17:20 - Dependability—Vulnerabilities 1 Chair(s): Felipe Fronchetti
Fri 27 Aug 2021 05:10 - 05:20 - Dependability—Vulnerabilities 1 Chair(s): Marsha Chechik

Memory vulnerabilities are the main causes of software security problems. However, detecting vulnerabilities in multi-threaded programs is challenging because many vulnerabilities occur under specific executions, and it is hard to explore all possible executions of a multi-threaded program. Existing approaches are either computationally intensive or likely to miss some vulnerabilities due to the complex thread interleaving. This paper introduces a novel approach to detect concurrency memory vulnerabilities based on partial orders of events. A partial order on a set of events represents the definite execution orders of events. It allows constructing feasible traces exposing specific vulnerabilities by exchanging the execution orders of vulnerability-potential events. It also reduces the search space of possible executions and thus improves computational efficiency. We propose new algorithms to extract vulnerability-potential event pairs for three kinds of memory vulnerabilities. We also design a novel algorithm to compute a potential event pair's feasible set, which contains the relevant events required by a feasible trace. Our method extends existing approaches for data race detection by considering that two events are protected by the same lock. We implement a prototype of our approach and conduct experiments to evaluate its performance. Experimental results show that our tool exhibits superiority over state-of-the-art algorithms in both effectiveness and efficiency.

Thu 26 Aug

Displayed time zone: Athens

17:00 - 18:00
Dependability—Vulnerabilities 1 (Research Papers) +12h
Chair(s): Felipe Fronchetti University of São Paulo, Brazil
17:00
10m
Paper
Detecting Node.js Prototype Pollution Vulnerabilities via Object Lookup Analysis (Artifacts Available)
Research Papers
Song Li Johns Hopkins University, Mingqing Kang Johns Hopkins University, Jianwei Hou Johns Hopkins University; Renmin University of China, Yinzhi Cao Johns Hopkins University
17:10
10m
Paper
Detecting Concurrency Vulnerabilities Based on Partial Orders of Memory and Thread Events
Research Papers
Kunpeng Yu Xi'an Jiaotong University, Chenxu Wang Xi'an Jiaotong University, Yan Cai Institute of Software at Chinese Academy of Sciences, Xiapu Luo Hong Kong Polytechnic University, Zijiang Yang Western Michigan University
17:20
10m
Paper
Vulnerability Detection with Fine-Grained Interpretations
Research Papers
Yi Li New Jersey Institute of Technology, Shaohua Wang New Jersey Institute of Technology, Tien N. Nguyen University of Texas at Dallas
17:30
30m
Live Q&A
Q&A (Dependability—Vulnerabilities 1)
Research Papers

Fri 27 Aug

Displayed time zone: Athens

05:00 - 06:00
Dependability—Vulnerabilities 1 (Research Papers)
Chair(s): Marsha Chechik University of Toronto
05:00
10m
Paper
Detecting Node.js Prototype Pollution Vulnerabilities via Object Lookup Analysis (Artifacts Available)
Research Papers
Song Li Johns Hopkins University, Mingqing Kang Johns Hopkins University, Jianwei Hou Johns Hopkins University; Renmin University of China, Yinzhi Cao Johns Hopkins University
05:10
10m
Paper
Detecting Concurrency Vulnerabilities Based on Partial Orders of Memory and Thread Events
Research Papers
Kunpeng Yu Xi'an Jiaotong University, Chenxu Wang Xi'an Jiaotong University, Yan Cai Institute of Software at Chinese Academy of Sciences, Xiapu Luo Hong Kong Polytechnic University, Zijiang Yang Western Michigan University
05:20
10m
Paper
Vulnerability Detection with Fine-Grained Interpretations
Research Papers
Yi Li New Jersey Institute of Technology, Shaohua Wang New Jersey Institute of Technology, Tien N. Nguyen University of Texas at Dallas
05:30
30m
Live Q&A
Q&A (Dependability—Vulnerabilities 1)
Research Papers