Explore a conference talk on SPIDER, an innovative system designed to accelerate patch propagation across related software repositories. Delve into the challenges of automatic patch propagation and learn about the solution requirements for safe patches. Understand the conditions for safe patches, including valid inputs to functions and output equivalence verification. Examine how SPIDER handles infinite data flow paths and implements its core functionalities. Discover the process of converting path constraints to symbolic expressions for both old and patched functions. Gain insights into verifying non-increasing input space and the assumptions made by SPIDER. Review the evaluation results on total patches, CVE fixing patches, and the security patch mode. This IEEE presentation offers a comprehensive look at a cutting-edge approach to enhancing software security through efficient patch management.
SPIDER - Enabling Fast Patch Propagation in Related Software Repositories
Overview
Syllabus
Intro
Delays in Security Patch Propagation
Non-CVE Security Patches
The Problem of Automatic Patch Propagation
Solution Requirements
Safe Patch Should Not Affect the Functionality
Safe Patches Conditions
Valid Inputs to a Function
Verifying Output Equivalence (C2)
Handling Infinite Data flow paths
Spider Implementation
Convert Path Constraint to Symbolic Expression (Old Function)
Convert Path Constraint to Symbolic Expression (Patched Function)
Verifying Non-Increasing Input Space (C1)
Spider Assumptions
Evaluation: On Total Patches
Evaluation: On CVE Fixing Patches
Evaluation Security Patch Mode
Taught by
IEEE Symposium on Security and Privacy
