An Empirical Study of Software Sanitization Locality
This work introduces the concept of software sanitization locality and conducts empirical measurements of it. We define software sanitization locality as the property wherein the sanitization operation, if present, remains proximate to its protected API. To quantify this property, we introduce a range of metrics that express the distance between a sanitization operation and its protected API from various perspectives, at both the abstract syntax tree level and the binary level. To validate the concept of sanitization locality, we have also gathered and labeled a dataset of programs containing security patches and used it for empirical measurements. This dataset encompasses a diverse array of 16 typical vulnerabilities sourced from the Linux kernel codebase. The findings conclusively illustrate that the analyzed samples do exhibit the hypothesized sanitization locality.
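As an added illustration of what an AST-level locality measurement can look like (this is not the paper's own metric or code, and the paper's kernel samples are C, not Python): the constructed snippet below contains a bounds check guarding a call to a hypothetical sink `copy_out`, and the two assumed metrics are the line distance and the AST path distance (edges through the lowest common ancestor) between the guard and the protected call.

```python
import ast

# Constructed sample: an `if` that validates idx/n before the sink is called.
SAMPLE = '''
def handler(buf, idx, n):
    if idx < 0 or idx + n > len(buf):   # sanitization
        return None
    header = buf[0:4]
    return copy_out(buf, idx, n)        # protected API (hypothetical sink)
'''

# Constructed sample with no guard at all: the sink is called unchecked.
NO_GUARD = '''
def handler(buf, idx, n):
    return copy_out(buf, idx, n)
'''

def path_to(root, target):
    """Return the root-to-target node path, or None if target is not reachable."""
    def walk(node, path):
        path.append(node)
        if node is target:
            return path
        for child in ast.iter_child_nodes(node):
            if walk(child, path) is not None:
                return path
        path.pop()
        return None
    return walk(root, [])

def ast_distance(root, a, b):
    """Number of tree edges between a and b via their lowest common ancestor."""
    pa, pb = path_to(root, a), path_to(root, b)
    common = 0
    for x, y in zip(pa, pb):
        if x is not y:
            break
        common += 1
    return (len(pa) - common) + (len(pb) - common)

def measure_locality(src, sink_name):
    """Locate the sink call and the nearest preceding `if` that tests one of its
    arguments; return both distances, or None when no such guard exists."""
    tree = ast.parse(src)
    sink = next(n for n in ast.walk(tree) if isinstance(n, ast.Call)
                and isinstance(n.func, ast.Name) and n.func.id == sink_name)
    sink_args = {a.id for a in sink.args if isinstance(a, ast.Name)}
    guards = [n for n in ast.walk(tree) if isinstance(n, ast.If) and n.lineno < sink.lineno
              and sink_args & {m.id for m in ast.walk(n.test) if isinstance(m, ast.Name)}]
    if not guards:
        return None
    guard = max(guards, key=lambda n: n.lineno)  # closest guard above the sink
    return {"line_distance": sink.lineno - guard.lineno,
            "ast_distance": ast_distance(tree, guard, sink)}
```

A small line distance together with a small AST distance is what the locality hypothesis predicts; a missing guard (the `NO_GUARD` case) is the situation a security patch typically introduces a check for.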
Chapter, 2024