Localizing Patch Points From One Exploit
Shiqi Shen, Aashish Kolluri, Zhen Dong, Prateek Saxena, Abhik Roychoudhury

TL;DR
PatchLoc is an innovative system that automatically identifies patch points in vulnerable binaries using only one exploit, achieving high accuracy without source code or test suites, thus advancing automated patch generation.
Contribution
It introduces a novel method for automatic patch localization in binaries based solely on a single exploit, without requiring source code or prior knowledge.
Findings
Pinpoints patch locations with about 88% accuracy on 43 CVEs
Does not rely on source code, test suites, or specialized knowledge
Uses automatic test-suite synthesis to rank candidate locations
Abstract
Automatic patch generation can significantly reduce the window of exposure after a vulnerability is disclosed. Towards this goal, a long-standing problem has been that of patch localization: to find a program point at which a patch can be synthesized. We present PatchLoc, one of the first systems which automatically identifies such a location in a vulnerable binary, given just one exploit, with high accuracy. PatchLoc does not make any assumptions about the availability of source code, test suites, or specialized knowledge of the vulnerability. PatchLoc pinpoints valid patch locations in large real-world applications with high accuracy for about 88% of 43 CVEs we study. These results stem from a novel approach to automatically synthesizing a test-suite which enables probabilistically ranking and effectively differentiating between candidate program patch locations.
Taxonomy
Topics: Software Testing and Debugging Techniques · Advanced Malware Detection Techniques · Software Reliability and Analysis Research
