Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States
Thu 14 Nov 2019 17:00 - 17:20 at Cortez 2&3 - Untangling and Merging Chair(s): Iftekhar Ahmed

COTS software products are widely developed on top of one or more OSS projects, which might lead to OSS reuse vulnerabilities. To discover such vulnerabilities, detecting OSS reuses for COTS software is a necessary step. Existing binary-to-source matching approaches are scalable to tens of thousands of OSS projects. However, when applying to COTS software products, they are suffering from precision problem severely due to their limited code features, imprecise matching score computation and the neglect of code structure of OSS projects. In this paper, we propose a novel binary-to-source matching approach B2SFinder to address these issues. It fully analyzes and selects seven kinds of code features that are presented in both binary file and source code and are not susceptible to compilation. In order to precisely calculate matching scores, it employs a weighted feature matching algorithm that combines three matching methods with two importance-weight computing algorithms. The matching methods are applied to different features according to the representation form of the features. The weighting algorithms compute the weight of a feature instance considering its specificity and occurrence frequency. B2SFinder further identifies the reuse type based on matching scores and code structures of OSS projects. We have implemented a prototype of B2SFinder with optimized data structure. We evaluated it on 21991 binaries of 1000 popular COTS software products. The results showed that it is not only precise but also scalable. It identified up to 2.15 times as many reuse cases as the state-of-the-art approach while only took 53.85 seconds on average for a binary file. It also plays a major role in discovering OSS reuse vulnerabilities.

Thu 14 Nov

ase-2019-paper-presentations
16:00 - 17:40: Papers - Untangling and Merging at Cortez 2&3
Chair(s): Iftekhar AhmedUniversity of California at Irvine, USA
ase-2019-papers16:00 - 16:20
Talk
The Impact of Structure on Software Merging: Semistructured versus Structured Merge
Guilherme CavalcantiFederal University of Pernambuco, Brazil, Paulo BorbaFederal University of Pernambuco, Brazil, Georg SeibtUniversity of Passau, Sven ApelSaarland University
Pre-print
ase-2019-papers16:20 - 16:40
Talk
Semistructured Merge in JavaScript Systems
Alberto Trindade TavaresFederal University of Pernambuco, Paulo BorbaFederal University of Pernambuco, Brazil, Guilherme CavalcantiFederal University of Pernambuco, Brazil, Sergio SoaresFederal University of Pernambuco
Pre-print
ase-2019-papers16:40 - 17:00
Talk
CLCDSA: Cross Language Code Clone Detection using Syntactical Features and API Documentation
Kawser NafiUniversity of Saskatchewan, Tonny Shekha KarUniversity of Saskatchewan, Canada, Banani RoyUniversity of Saskatchewan, Chanchal K. RoyUniversity of Saskatchewan, Kevin SchneiderUniversity of Saskatchewan
ase-2019-papers17:00 - 17:20
Talk
B2SFinder: Detecting Open-Source Software Reuse in COTS Software
Muyue FengInstitute of Information Engineering, Chinese Academy of Sciences, Zimu YuanInstitute of Information Engineering, Chinese Academy of Sciences, Feng LiInstitute of Computing Technology at Chinese Academy of Sciences, China, Gu BanInstitute of Information Engineering, Chinese Academy of Sciences, Yang XiaoInstitute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Shiyang WangInstitute of Information Engineering, Chinese Academy of Sciences, Qian TangInstitute of Information Engineering, Chinese Academy of Sciences, He SuInstitute of Information Engineering, Chinese Academy of Sciences, Chendong YuUniversity of Chinese Academy of Sciences, Jiahuan XuInstitute of Information Engineering, Chinese Academy of Sciences, Aihua PiaoInstitute of Information Engineering, Chinese Academy of Sciences, Jingling XueUNSW Sydney, Wei HuoInstitute of Information Engineering, Chinese Academy of Sciences
ase-2019-papers17:20 - 17:40
Talk
CoRA: Decomposing and Describing Tangled Code Changes for Reviewer
Min WangPeking University, Zeqi LinMicrosoft Research, China, Yanzhen ZouPeking University, Bing XiePeking University