An Empirical Study of Software Sanitization Locality

Abstract

This work introduces the concept of software sanitization locality and conducts empirical measurements. We define software sanitization locality as the property wherein the sanitization operation, if present, remains proximate to its protected API. To quantify this property, we have introduced a range of metrics to illustrate the distance between a sanitization operation and its protected API from various perspectives, including both the abstract syntax tree level and the binary level. In an effort to validate the concept of sanitization locality, we have also gathered and labeled a dataset of programs containing security patches to conduct empirical measurements. This dataset encompasses a diverse array of 16 typical vulnerabilities sourced from the Linux kernel codebase. The findings conclusively illustrate that the analyzed samples do exhibit the hypothesized sanitization locality.

Cite

Boland, N. C., Zhang, J., Chong, D., & Dai, R. (2024). An Empirical Study of Software Sanitization Locality. In Proceedings of the IEEE National Aerospace Electronics Conference, NAECON (pp. 1–6). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/NAECON61878.2024.10670650
