Search Icon
Submissions

VeriBin: Adaptive Verification of Patches at the Binary Level

Hongwei Wu (Purdue University), Jianliang Wu (Simon Fraser University), Ruoyu Wu (Purdue University), Ayushi Sharma (Purdue University), Aravind Machiry (Purdue University), Antonio Bianchi (Purdue University)

Vendors are often provided with updated versions of a piece of software, fixing known security issues.
However, the inability to have any guarantee that the provided patched software does not break the functionality of its original version often hinders patch deployment.
This issue is particularly severe when the patched software is only provided in its compiled binary form.
In this case, manual analysis of the patch's source code is impossible, and existing automated patch analysis techniques, which rely on source code, are not applicable.
Even when the source code is accessible, the necessity of binary-level patch verification is still crucial, as highlighted by the recent XZ Utils backdoor.

To tackle this issue, we propose VeriBin, a system able to compare a binary with its patched version and determine whether the patch is ''Safe to Apply'', meaning it does not introduce any modification that could potentially break the functionality of the original binary.
To achieve this goal, VeriBin checks functional equivalence between the original and patched binaries.
In particular, VeriBin first uses symbolic execution to systematically identify patch-introduced modifications.
Then, it checks if the detected patch-introduced modifications respect specific properties that guarantee they will not break the original binary's functionality.
To work without source code, VeriBin's design solves several challenges related to the absence of semantic information (removed during the compilation process) about the analyzed code and the complexity of symbolically executing large functions precisely.
Our evaluation of VeriBin on a dataset of 86 samples shows that it achieves an accuracy of 93.0% with no false positives, requiring only minimal analyst input.
Additionally, we showcase how VeriBin can be used to detect the recently discovered XZ Utils backdoor.

Paper

View More Papers

Security Signals: Making Web Security Posture Measurable at Scale

Michele Spagnuolo (Google), David Dworken (Google), Artur Janc (Google), Santiago Díaz (Google), Lukas Weichselbaum (Google)

Read More

GAP-Diff: Protecting JPEG-Compressed Images from Diffusion-based Facial Customization

Haotian Zhu (Nanjing University of Science and Technology), Shuchao Pang (Nanjing University of Science and Technology), Zhigang Lu (Western Sydney University), Yongbin Zhou (Nanjing University of Science and Technology), Minhui Xue (CSIRO's Data61)

Read More

A Field Study to Uncover and a Tool to...

Leon Kersten (Eindhoven University of Technology), Kim Beelen (Eindhoven University of Technology), Emmanuele Zambon (Eindhoven University of Technology), Chris Snijders (Eindhoven University of Technology), Luca Allodi (Eindhoven University of Technology)

Read More

Truman: Constructing Device Behavior Models from OS Drivers to...

Zheyu Ma (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University; EPFL; JCSS, Tsinghua University (INSC) - Science City (Guangzhou) Digital Technology Group Co., Ltd.), Qiang Liu (EPFL), Zheming Li (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University; JCSS, Tsinghua University (INSC) - Science City (Guangzhou) Digital Technology Group Co., Ltd.), Tingting Yin (Zhongguancun…

Read More