Family-Based Fingerprint Analysis: A Position Paper
Carlos Diego Nascimento Damasceno, Daniel Strüber

TL;DR
This paper advocates for a family-based, feature-driven approach to software fingerprinting to improve efficiency and manage complexity in vulnerability detection.
Contribution
It introduces a novel framework that unifies signature databases into featured finite state machines using presence conditions for more efficient fingerprint analysis.
Findings
Proposes a framework combining model learning with family-based analysis.
Suggests feature-based signatures can reduce fingerprint size.
Aims to enhance performance in software vulnerability detection.
Abstract
Thousands of vulnerabilities are reported on a monthly basis to security repositories, such as the National Vulnerability Database. Among these vulnerabilities, software misconfiguration is one of the top 10 security risks for web applications. With this large influx of vulnerability reports, software fingerprinting has become a highly desired capability to discover distinctive and efficient signatures and recognize reportedly vulnerable software implementations. Due to the exponential worst-case complexity of fingerprint matching, designing more efficient methods for fingerprinting becomes highly desirable, especially for variability-intensive systems where optional features add another exponential factor to its analysis. This position paper presents our vision of a framework that lifts model learning and family-based analysis principles to software fingerprinting. In this framework,…
