An Empirical Study of Software Sanitization Locality

Authors

Nathaniel Christian Boland, Wright State University
Junjie Zhang, Wright State University - Main CampusFollow
Daniel Chong, Wright State University
Rui Dai, Shriners Hospitals for Children, University of Cincinnati

Document Type

Article

Publication Date

9-18-2024

Identifier/URL

41591610 (Pure)

Find this in a Library

Catalog Record

Abstract

This work introduces the concept of software sanitization locality and conducts empirical measurements. We define software sanitization locality as the property wherein the sanitization operation, if present, remains proximate to its protected API. To quantify this property, we have introduced a range of metrics to illustrate the distance between a sanitization operation and its protected API from various perspectives, including both the abstract syntax tree level and the binary level. In an effort to validate the concept of sanitization locality, we have also gathered and labeled a dataset of programs containing security patches to conduct empirical measurements. This dataset encompasses a diverse array of 16 typical vulner-abilities sourced from the Linux kernel codebase. The findings conclusively illustrate that the analyzed samples do exhibit the hypothesized sanitization locality.

Comments

Publisher Copyright: © 2024 IEEE.

Repository Citation

Boland, N. C., Zhang, J., Chong, D., & Dai, R. (2024). An Empirical Study of Software Sanitization Locality. NAECON 2024 - IEEE National Aerospace and Electronics Conference.
https://corescholar.libraries.wright.edu/cse/660

DOI

10.1109/NAECON61878.2024.10670650