
VUDDY & hmark for IoTcube

Primary Language: Python

VUDDY (a.k.a. hmark)

VUDDY is an approach for scalable and accurate vulnerable code clone detection. It is specifically designed to accurately find vulnerabilities in massive code bases (e.g., the Linux kernel, 25 MLoC). Principles and results are discussed in our paper, which was published at the 38th IEEE Symposium on Security and Privacy (S&P'17).

hmark is the implementation of VUDDY, which is also the client-side preprocessing tool for "Vulnerable Code Clone Detection" testing provided by IoTcube, an automated vulnerability testing platform. Details are available here.

This project is part of the "international collaborative research", which was conducted by CSSA (Center for Software Security and Assurance).

Notice

Currently, the patent on VUDDY (hmark) is held by LABRADOR LABS, and thus commercial usage of this repository and source code is not allowed.

Getting Started with hmark

Prerequisites

  • Linux or OS X - hmark is designed to work on either of these operating systems. Tested OS distributions include Ubuntu 14.04, 16.04, and 18.04, Fedora 25, and OS X. Let me know if your OS is not supported.
  • Python 2, version 2.7.10 or newer - earlier versions may work, but are not tested.
  • python-tk package - install from your package manager.
  • Java Runtime Environment (JRE) - We recommend openjdk-8-jre.

Running hmark

  1. cd hmark
  2. python hmark.py [-h] [-c path ON/OFF] [-n] [-V]

You can see the help message below by passing an -h (or --help) argument.

usage: python hmark.py [-h] [-c path ON/OFF] [-n] [-V]

- optional arguments:
  -h, --help            show this help message and exit

  -c path ON/OFF, --cli-mode path ON/OFF
                        run hmark without GUI by specifying the path to the
                        target directory, and the abstraction mode
  -n, --no-updatecheck  bypass update checking (not recommended)
  -V, --version         print hmark version and exit
  3. Upload the resulting hidx file to IoTcube's Vulnerable Code Clone Detection testing.

Binary Release

Instead of running hmark from source code, you can also download and execute prebuilt binaries. Binaries for Windows, Linux, and OS X are available here.

Reporting Bugs

For reporting bugs, you can submit an issue to the VUDDY GitHub, or send me an email. Feel free to send pull requests if you have suggestions or bugfixes!

About

This program is authored and maintained by Seulbae Kim

GitHub @squizz617