Path-wise Vulnerability Mitigation
Zhen Huang, Hristina Dokic

TL;DR
This paper introduces PAVER, a novel approach for generating path-wise mitigation patches that target specific program paths leading to vulnerabilities, significantly reducing side-effects compared to traditional function-level patches.
Contribution
PAVER is the first method to generate and insert mitigation patches at the program path level, improving precision and minimizing side-effects.
Findings
PAVER effectively reduces side-effects of mitigation patches.
The approach was successfully applied to real-world vulnerabilities.
Path-wise patches outperform function-level patches in minimizing impact.
Abstract
Software vulnerabilities are prevalent, but fixing them is not trivial. Studies have shown that a considerable pre-patch window exists because it often takes weeks or months for software vendors to fix a vulnerability. Existing approaches aim to reduce the pre-patch window by generating and applying mitigation patches that prevent adversaries from exploiting vulnerabilities rather than fixing them. Because mitigation patches typically terminate the execution of vulnerability-triggering program paths at the level of functions, they can have significant side-effects. This paper describes an approach called PAVER that generates and inserts mitigation patches at the level of program paths, i.e. path-wise vulnerability mitigation patches, in order to reduce their side-effects. PAVER generates a program path graph that includes the paths leading to vulnerabilities…
Taxonomy
Topics: Network Security and Intrusion Detection · Software System Performance and Reliability · Smart Grid Security and Resilience
