MétaCan
Menu
Back to cohort
Record W4389205823 · doi:10.22215/etd/2023-15772

Hy2: A Hybrid Vulnerability Analysis Method

2023· dissertation· en· W4389205823 on OpenAlex

Why this work is in the frame

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

affAt least one author lists a Canadian institution in the pinned OpenAlex snapshot.

Bibliographic record

Venuenot available
Typedissertation
Languageen
FieldComputer Science
TopicSoftware Testing and Debugging Techniques
Canadian institutionsCarleton University
Fundersnot available
KeywordsVulnerability (computing)EmulationVulnerability assessmentComputer scienceAbstractionStatic analysisSoftwareComputer securityProgramming language

Abstract

fetched live from OpenAlex

Software vulnerabilities remain an ever-present problem. Factors such as software complexity, size, and diversity of vulnerabilities drive the need for automated vulnerability analysis solutions. Past vulnerability analysis methods struggle with nondeterminism and uncertainty introduced by the environment and external dependencies. To address this problem, we present our vulnerability analysis method Hy2, a double hybrid of runtime verification and model checking, and dynamic and static analysis. It approaches the problem of building an abstraction of program behavior with decompilation and uses full-system emulation to handle undecidability and address environmental side effects. We discuss the limitations of past vulnerability analysis methods that motivated Hy2's creation and detail its design and implementation. We present an evaluation of Hy2 on several real-world programs to demonstrate its practicality and effectiveness. We uncovered 18 reported and several unreported vulnerabilities in the programs evaluated and describe limitations and potential improvements to Hy2.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

Full frame distilled prediction

Teacher imitation

Not calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

metaresearch head score (Codex)0.001
metaresearch head score (Gemma)0.001
Version: codex-gemma-dda1882f352aValidation status: machine_predicted_unvalidated
Candidate categoriesMeta-epidemiology (narrow)
Consensus categoriesnone
DomainCandidate signal: none · Consensus signal: none
Study designCandidate signal: Other design · Consensus signal: none
GenreCandidate signal: Methods · Consensus signal: Methods
Teacher disagreement score0.705
Threshold uncertainty score1.000

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0010.001
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0010.000
Bibliometrics0.0010.002
Science and technology studies0.0000.000
Scholarly communication0.0000.000
Open science0.0010.000
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

Opus teacher head0.030
GPT teacher head0.362
Teacher spread0.332 · how far apart the two teachers sit on this one work
Validation statusscore_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it