RicardoNalesAmato/thesis

Impact factors for severity assessment of bugs discovered via compositional symbolic execution

By Ricardo Nales, supervised by Saahil Ognawala


Task list (31.08.2017)

  • Read about two classifiers
  • Create script for generating X and Y (based on scikit-learn requirements)
  • Run both classifiers on X and Y and put results on git
  • Prepare presentation dry-run

Task list (24.08.2017)

  • Collect CVSS scores manually from the results of KLEE.
  • Compare them to those found in the NVD database.
  • Further improve the Front-end User Interface.

Task list (17.08.2017)

  • Send title and abstract of mid-term presentation.
  • Check how distance_to_interface calculates the distance and what None means (should be infinite or a very big number).
  • Fix macke_bug_chain_length function, according to the comments in node_attributes.py.
  • Generate covariance and correlation matrices again.

Task list (27.07.2017)

  • Add Macke attributes to the attribute list (JSON)
    • Bug chain length
    • Number of vulnerabilities inside the function
  • Correlation between node attributes (including everything) and CVSS base score
    • For each node attribute (e.g. centrality, path-length) calculate the correlation to each CVSS base score metric.
  • For the user presentation, use the line number given by Macke, not the one given by CVSS scores. This can't be done for all bugs, since ptr.err files are not generated 100% of the time.
  • HTML front-end for displaying vulnerability report.

Task list (20.07.2017)

  • Extract dot files for all compiled programs.
  • Format the output of node_attributes+CVSS scores as structured JSON.
  • Compare to the existing list from CVSS database.
    • See if you can find the line of code described in the bug report from CVSS
  • Correlation between node attributes (including everything) and CVSS base score
    • For each node attribute (e.g. centrality, path-length) calculate the correlation to each CVSS base score metric.

Task list (17.07.2017)

  • Run Macke on all "relevant" bc files.
    • Get a list of all vulnerabilities reported by Macke.
      • Separate list into found-only-by-macke, not-found-by-macke, found-by-both-macke-and-cvss-database
    • Compare to the existing list from CVSS database.

Task list (06.07.2017)

  • Fix all the node attributes
    • Use instructions from graph-attributes.md and node_attributes.py
  • Investigate a prototype for converting the JSON file to a JavaScript representation.
  • Run Macke on all "relevant" bc files.
    • Get a list of all vulnerabilities reported by Macke.
    • Compare to the existing list from CVSS database.
      • See if you can find the line of code described in the bug report from CVSS
    • After the above is complete, calculate the other graph features as well.

Task list (30.06.2017)

Task list (22.06.2017)

  • Compile all programs with make+llvm.
    • Check for dependencies, and install them
  • Create callgraphs for all of them.
  • Mark functions that have the vulnerabilities.

Task list (08.06.2017)

  • How to extract callgraphs using LLVM Opt.
  • Get NVD bugs for 15 years (for the ones that have CVSS3 available)
    • Filter entries by CVSS3 and CVE_problemtype_data = CWE-119
    • Description value must contain "function" and ".c"
  • For all filtered bugs get program name, version and link
  • Download sources of filtered programs.
  • Google Sheets link to Saahil. Create a tuple for each individual program.

Task list (01.06.2017)

  • Proposal on user interface for assessment tool. (Wireframe only)
  • Look at the complete output of Macke on Kaleidoscope programs. (Don't save in /tmp)
    • Which fields are indicative of attack complexity and why?
  • Look at GNU Bugzilla repositories to learn about known severities.
    • List all required and optional fields in Bugzilla.
    • Which fields are indicative of attack complexity?

Task list (26.05.2017)

Task list (18.05.2017)

  • Read papers for severity assessment
  • Send Docker link to Thomas and Saahil by email (ricardonales/macke:0.6)
  • Run KLEE on all Kaleidoscope programs
  • Install Macke from the tum-i22 GitHub page
  • Run all Kaleidoscope programs with Macke
    • Play around with all options
    • Run with multiple time limits (per function)
    • Look at the outputs, and compare to KLEE outputs

Task list (15.05.2017)

