Cloning Vulnerability Detection in Driver Layer of IoT Devices

  • Conference paper
Information and Communications Security (ICICS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11999)

Abstract

With the spread of the Internet of Things (IoT), the number of IoT operating systems has grown correspondingly, bringing more potential security risks. For instance, it is not hard to find that much of the driver-layer code in IoT operating systems could come directly from open source projects, whose vulnerabilities would then be propagated as well. These vulnerabilities could leak sensitive information and even lead to arbitrary code execution. However, existing clone detection tools have limitations, especially for clones with minor modifications. In this paper, we propose a method that can detect not only exact clones, but also clones with additions, deletions, and partial modifications. The proposed method uses code patches and program slicing to obtain a precise fingerprint of the restructured clones. Fingerprint matching is then performed with a greedy-based optimization algorithm. A detection tool called RCVD is implemented based on the proposed method. Finally, the experimental results indicate that the method has a significant effect on detecting restructured cloning vulnerabilities. With it, dozens of clone-caused vulnerabilities were detected in the driver code of the Orange Pi and WisCam.

Acknowledgements

This work was supported by the National Key R&D Program of China under Grant No. 2017YFC0821705, National Key R&D Program of China under Grant No. 2019QY(Y)0602 and National Natural Science Foundation of China under Grant No. U1536202.

Corresponding author

Correspondence to Bin Wu.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Jiang, W., Wu, B., Jiang, Z., Yang, S. (2020). Cloning Vulnerability Detection in Driver Layer of IoT Devices. In: Zhou, J., Luo, X., Shen, Q., Xu, Z. (eds) Information and Communications Security. ICICS 2019. Lecture Notes in Computer Science, vol 11999. Springer, Cham. https://doi.org/10.1007/978-3-030-41579-2_6

  • DOI: https://doi.org/10.1007/978-3-030-41579-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41578-5

  • Online ISBN: 978-3-030-41579-2

  • eBook Packages: Computer Science, Computer Science (R0)
