Title :
A Study on Latent Vulnerabilities
Author :
Ng, Beng Heng ; Hu, Xin ; Prakash, Atul
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Univ. of Michigan, Ann Arbor, MI, USA
fDate :
Oct. 31 2010-Nov. 3 2010
Abstract :
Software code reuse has long been touted as a reliable and efficient software development paradigm. Whilst this practice has numerous benefits, it is inherently susceptible to latent vulnerabilities. Source code which is re-used without being patched for various reasons may result in vulnerable binaries, despite the vulnerabilities being made publicly known. To aggravate matters, crackers have access to information on these vulnerabilities as well. Defenders need to ensure all loopholes are patched, while attackers need just one such loophole. In this work, we define latent vulnerabilities, and study the prevalence of the problem. This provides us the motivation, and an insight into the future work to be done in solving the problem. Our results show that unpatched source files which are more than one year old are commonly used in the latest operating systems. In fact, several of these files are more than ten years old. We explore the premises of using symbols in identifying binaries and conclude that they are insufficient in solving the problem. Additionally, we discuss two possible approaches to solve the problem.
Keywords :
operating systems (computers); security of data; software reusability; source coding; latent vulnerabilities; operating systems; software code reuse; software development paradigm; vulnerable binaries; Computer bugs; Databases; Libraries; Linux; Security; Software packages; computer security; software libraries; software protection; software reliability; software safety;
Conference_Titel :
Reliable Distributed Systems, 2010 29th IEEE Symposium on
Conference_Location :
New Delhi
Print_ISBN :
978-0-7695-4250-8
DOI :
10.1109/SRDS.2010.47
