- Title
CVMan: A Framework for Clone-Incurred Vulnerability Management.
- Authors
Shi, Jian; Zou, Deqing; Xu, Shouhuai; Jin, Hai
- Abstract
Software clones may cause vulnerability proliferation, which highlights the importance of investigating clone-incurred vulnerabilities. In this paper, we propose a framework for automatically managing clone-incurred vulnerabilities. Two innovations of the framework are the notion of the spatial clone-relation graph, which describes clone-based relationships between software programs, and the temporal clone-relation graph, which describes the evolution of clones in software over time. As a case study, we apply the framework to analyze eight versions of Ubuntu while drawing a number of insights, such as: (i) clones are prevalent with about one-sixth of the codebase being clones; (ii) intra-program clones are often attributed to polymorphisms or functional similarities between procedures, while inter-program clones are often attributed to shared code repositories and the reuse of libraries; (iii) the clone surface of Linux remains stable at around 0.6, meaning that spatial and temporal clones in Linux account for about 60% of the codebase, while the lifetime of 53% of clones spans eight versions; and (iv) the clone-incurred vulnerability surface in Linux is small, while vulnerable clones and non-vulnerable clones have similar lifetimes.
- Subjects
LIBRARY storage centers; LINUX operating systems
- Publication
Applied Sciences (2076-3417), 2023, Vol 13, Issue 8, p4948
- ISSN
2076-3417
- Publication type
Article
- DOI
10.3390/app13084948