Jisuanji kexue (Apr 2023)

Research on PoC Refactoring of Third-party Library in Heterogeneous Environment

  • SONG Wenkai, YOU Wei, LIANG Bin, HUANG Jianjun, SHI Wenchang

DOI
https://doi.org/10.11896/jsjkx.220500092
Journal volume & issue
Vol. 50, no. 4
pp. 277 – 287

Abstract

Vulnerabilities in third-party libraries are widely propagated to host applications (software that uses third-party libraries), and developers of host applications usually fail to fix these vulnerabilities in a timely manner, which easily leads to security problems. In order to explore the impact of third-party library vulnerabilities on host applications, it is particularly important to effectively verify whether a vulnerability propagated to the host application can still be triggered there. The latest research applies taint analysis and symbolic execution to transform the PoC of a third-party library so that it fits the host application. However, there are often differences between the test environment of the third-party library and the real environment of the host application (they are heterogeneous environments), so the PoC transformed by the above methods is still difficult to apply to the host application. To solve this problem, a method for PoC refactoring in heterogeneous environments is proposed, which consists of four steps. Firstly, we extract the execution traces in the third-party library test environment and in the host application environment when the original PoC is given as input. Secondly, we compare the two traces obtained in the first step to identify their differences. Thirdly, we analyze the code at the difference points to identify the key variables that cause the differences. Finally, we locate the key fields of the PoC that can affect the state of the key variables; by mutating these key fields we try to change the state of the key variables and align the divergent paths, guiding the execution flow of the host application to reach the vulnerable code, which completes the refactoring of the PoC. Experiments are carried out on 11 real-world PoCs, and the results show that the proposed method can successfully verify the triggerability of the propagated vulnerability in the host application in a heterogeneous environment.
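The following toy illustrates steps two to four of the method described in the abstract: comparing two execution traces, extracting the variables that differ at the divergence point, and checking which PoC fields can influence them. It is an added example written for this page, not the authors' implementation; the traces, the library name `imglib`, the branch-site identifiers and the PoC-field data-flow map are all constructed. In this constructed case the divergence is caused by a host-side limit (`max_size`) that no PoC field controls, which is exactly the situation a verifier wants to detect before spending effort on mutation.

```python
"""Constructed trace comparison for vulnerability reachability checking.

Two execution traces are recorded as sequences of (function, branch site,
variable snapshot) events, one from the library test environment and one from
the host application environment. The comparison finds the first branch where
the two environments diverge and reports the variables whose values differ
there (the candidate "key variables"), then maps them to PoC fields.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    func: str                                  # function being executed
    site: str                                  # branch / basic-block identifier
    state: Tuple[Tuple[str, str], ...] = ()    # sorted variable snapshot at the branch

    def vars(self) -> Dict[str, str]:
        return dict(self.state)


def ev(func: str, site: str, **state) -> Event:
    """Build an Event with a deterministic, sorted variable snapshot."""
    return Event(func, site, tuple(sorted((k, str(v)) for k, v in state.items())))


# Constructed traces for a hypothetical library "imglib" parsing an image header.
# The library test harness reaches the vulnerable chunk decoder; the host
# application wraps the library in its own size validation and rejects the input.
LIB_TRACE: List[Event] = [
    ev("parse_header", "B1", fmt="RGB", depth=8),
    ev("parse_header", "B2", chunks=3),
    ev("decode_chunk", "B5", size=0x400),
    ev("decode_chunk", "B7", size=0x400),   # vulnerable code (constructed)
]
HOST_TRACE: List[Event] = [
    ev("parse_header", "B1", fmt="RGB", depth=8),
    ev("parse_header", "B2", chunks=3),
    ev("host_validate", "H1", size=0x400, max_size=0x100),
    ev("host_reject", "H3", reason="too large"),
]

# Constructed data-flow map: which PoC fields can change which variables.
# Variables absent from the map are not controllable from the PoC.
POC_FIELD_MAP: Dict[str, List[str]] = {
    "size": ["chunk_len"],
    "depth": ["bit_depth"],
    "fmt": ["color_type"],
}


@dataclass
class Divergence:
    index: int                     # position of the first differing event
    lib_event: Optional[Event]     # library-side event at that position (None if trace ended)
    host_event: Optional[Event]    # host-side event at that position (None if trace ended)
    key_variables: List[str]       # variables whose values differ between the two events


def compare_traces(lib: List[Event], host: List[Event]) -> Optional[Divergence]:
    """Step 2: walk both traces in lockstep until the branch sites differ.
    Step 3 (simplified): key variables are those present in the divergent
    events whose values are not identical across the two environments."""
    common = 0
    for a, b in zip(lib, host):
        if (a.func, a.site) != (b.func, b.site):
            break
        common += 1
    else:
        if len(lib) == len(host):
            return None   # identical traces: no divergence to align
    lib_ev = lib[common] if common < len(lib) else None
    host_ev = host[common] if common < len(host) else None
    lib_vars = lib_ev.vars() if lib_ev else {}
    host_vars = host_ev.vars() if host_ev else {}
    keys = sorted(k for k in set(lib_vars) | set(host_vars)
                  if lib_vars.get(k) != host_vars.get(k))
    return Divergence(common, lib_ev, host_ev, keys)


def controllable_fields(key_vars: List[str],
                        field_map: Dict[str, List[str]] = POC_FIELD_MAP) -> Dict[str, List[str]]:
    """Step 4 (simplified): for each key variable, list the PoC fields that
    can influence it. An empty list means the divergence is driven by host-side
    state and cannot be aligned by mutating the PoC alone."""
    return {v: list(field_map.get(v, [])) for v in key_vars}


def reached(trace: List[Event], func: str, site: str) -> bool:
    """Whether a trace executes the given branch site (e.g. the vulnerable code)."""
    return any(e.func == func and e.site == site for e in trace)


if __name__ == "__main__":
    d = compare_traces(LIB_TRACE, HOST_TRACE)
    print("host reaches vulnerable code:", reached(HOST_TRACE, "decode_chunk", "B7"))
    if d:
        print(f"divergence at event {d.index}: lib={d.lib_event.site}, host={d.host_event.site}")
        print("key variables:", d.key_variables)
        print("controllable via PoC fields:", controllable_fields(d.key_variables))
```

Run stand-alone, the script reports that the host trace never reaches the constructed vulnerable site, that the traces diverge at the third event, and that the only key variable (`max_size`) maps to no PoC field, so in this constructed case the refactoring step would have nothing to mutate.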

Keywords