IEEE Access (Jan 2024)

Empirical Study of Software Composition Analysis Tools for C/C++ Binary Programs

  • Yuqiao Ning,
  • Yanan Zhang,
  • Chao Ma,
  • Zhen Guo,
  • Longhai Yu

DOI
https://doi.org/10.1109/ACCESS.2023.3341224
Journal volume & issue
Vol. 12
pp. 50418 – 50430

Abstract

Read online

Software composition analysis (SCA) is essential for understanding and optimizing complex C programs, ensuring system reliability and efficiency. Analyzing programs at the binary level provides insights into behavior, performance, and security. However, comprehensive evaluations of both academic and commercialized SCA tools are lacking. To this end, this paper presents a comprehensive evaluation of software composition analysis techniques for accurately identifying components in C/C++ binary programs. The study examines different analysis techniques in terms of accuracy, performance, domain-specific capabilities, and additional abilities such as detecting security vulnerabilities and code reuse potential. The results show that SCA tools reach over 70% accuracy in detecting general libraries and the accuracy drops to less than 45% for libraries in domain-specific software. Commercialized tools exhibit better efficiency and practicalness than academic tools. The evaluation provides insights into the strengths and limitations of various approaches, offering suggestions for SCA development and the selection of the most suitable tools.

Keywords