Cross-Version Detection for Compiler-Introduced Vulnerabilities
Graphical Abstract (figure not reproduced in this text)
Abstract
Compilers can introduce security vulnerabilities during compilation. These compiler-introduced vulnerabilities are often subtle and can affect critical software such as operating system kernels, databases, and browsers, posing significant security risks. Today, software of all kinds, compilers included, is iterated and updated rapidly, so a compiler can introduce new vulnerabilities into the binary code of important software at any time. Our research indicates that such vulnerabilities often persist in software for a considerable period before being addressed, so timely detection of newly introduced compiler vulnerabilities is crucial for software security. There has been extensive research on detecting security vulnerabilities introduced by compilers, but existing detection methods typically target specific, already known vulnerability types and struggle to keep up with frequent updates to both compilers and the programs under test. We therefore propose a novel detection technique based on a general model of security code and on differential testing, which efficiently identifies compiler-introduced security vulnerabilities in a target program across a version update of either the compiler or the source code. The method identifies security code through its error-handling functions and determines compiler-introduced vulnerabilities by comparing which security checks are removed across versions. Evaluation experiments on the Linux kernel show that our approach achieves a low false negative rate, maintains a practical false positive rate, and efficiently detects security vulnerabilities newly introduced by the compiler when binary code is rebuilt after an update.
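The abstract describes two ideas that are easy to miss in prose: security code is recognised by the error-handling functions it leads to, and a vulnerability is flagged when a check guarding such a path exists in one build but not in the other. The toy below is an added illustration, not the paper's tooling: each function version is a hand-written control-flow graph (a constructed sample, not real kernel code), the set of error-handling function names is an assumed placeholder, and the cross-version comparison simply reports guard conditions that disappear between the old and new build. The constructed sample shows the classic case of a null check that follows a dereference and is folded away, alongside a bounds check that survives the rebuild.

```python
"""Toy cross-version diff for removed security checks.

Added example (not the paper's implementation). A function version is a
small CFG: {block_name: {"insns": [...], "succ": [...]}}. A block with two
successors is a conditional branch whose last instruction is the condition.
"""
from typing import Dict, List, Set

# Assumed placeholder set of error-handling functions in this toy IR.
ERROR_HANDLERS = {"panic", "warn_on", "return_error"}

CFG = Dict[str, Dict[str, List[str]]]


def calls_error_handler(insns: List[str]) -> bool:
    """True if any instruction is a call to a known error-handling function."""
    for insn in insns:
        parts = insn.split()
        if len(parts) >= 2 and parts[0] == "call" and parts[1] in ERROR_HANDLERS:
            return True
    return False


def leads_to_error_handler(cfg: CFG, block: str) -> bool:
    """Follow unconditional flow from `block` until a branch or an error call."""
    seen = set()
    cur = block
    while cur not in seen:
        seen.add(cur)
        node = cfg[cur]
        if calls_error_handler(node["insns"]):
            return True
        if len(node["succ"]) != 1:  # branch or exit without an error call
            return False
        cur = node["succ"][0]
    return False


def find_security_checks(cfg: CFG) -> Set[str]:
    """Conditions of branches where one successor leads to an error handler."""
    checks = set()
    for node in cfg.values():
        if len(node["succ"]) == 2:
            cond = node["insns"][-1]
            if any(leads_to_error_handler(cfg, s) for s in node["succ"]):
                checks.add(cond)
    return checks


def diff_security_checks(old: Dict[str, CFG], new: Dict[str, CFG]) -> Dict[str, List[str]]:
    """Per function, the security checks present in `old` but missing in `new`."""
    removed = {}
    for fn, old_cfg in old.items():
        new_cfg = new.get(fn)
        if new_cfg is None:
            continue  # function absent in the new build; nothing to compare
        missing = find_security_checks(old_cfg) - find_security_checks(new_cfg)
        if missing:
            removed[fn] = sorted(missing)
    return removed


# Constructed sample builds. In copy_field the pointer is dereferenced before
# the null check, so the newer build folds the check away; in set_len the
# bounds check survives even though the successor order changed.
OLD_BUILD: Dict[str, CFG] = {
    "copy_field": {
        "entry": {"insns": ["load r1, [p]", "cmp p, 0"], "succ": ["bad", "ok"]},
        "bad": {"insns": ["call return_error"], "succ": []},
        "ok": {"insns": ["store r1, [q]", "ret"], "succ": []},
    },
    "set_len": {
        "entry": {"insns": ["cmp len, 4096"], "succ": ["too_big", "store"]},
        "too_big": {"insns": ["call warn_on"], "succ": []},
        "store": {"insns": ["store len, [obj]", "ret"], "succ": []},
    },
}

NEW_BUILD: Dict[str, CFG] = {
    "copy_field": {
        "entry": {"insns": ["load r1, [p]"], "succ": ["ok"]},  # check removed
        "ok": {"insns": ["store r1, [q]", "ret"], "succ": []},
    },
    "set_len": {
        "entry": {"insns": ["cmp len, 4096"], "succ": ["store", "too_big"]},
        "too_big": {"insns": ["call warn_on"], "succ": []},
        "store": {"insns": ["store len, [obj]", "ret"], "succ": []},
    },
}


if __name__ == "__main__":
    for fn, conds in diff_security_checks(OLD_BUILD, NEW_BUILD).items():
        print(f"{fn}: security check(s) removed in new build: {conds}")
```

Matching checks by their condition rather than by block name keeps a relocated or reordered branch (as in `set_len`) from being reported, which is the kind of benign difference that would otherwise inflate the false positive rate the abstract mentions.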