Closed lwy0518 closed 1 year ago
nevillegrech
commented
1 year ago Hi @lwy0518 thanks for the question.
No, right now we have no way to generate the vulnerability specifications based on examples.
There is some research on this direction from another team that is highly relevent to your question though:
RAGHOTHAMAN et al. Provenance-Guided Synthesis of Datalog Programs, Proceedings of the ACM, PL (POPL) 2020.
lwy0518
commented
1 year ago Hi! Thank you for your reply. I will take a serious look at the paper you recommended and follow the team. Thank you very much! thank you for your reply. I will take a serious look at the paper you recommended and follow the team.
1024325635 @.***
------------------ 原始邮件 ------------------ 发件人: "nevillegrech/gigahorse-toolchain" @.>; 发送时间: 2022年11月4日(星期五) 晚上9:25 @.>; @.**@.>; 主题: Re: [nevillegrech/gigahorse-toolchain] Can detection rules be automatically generated? (Issue #50)
Hi @lwy0518 thanks for the question.
No, right now we have no way to generate the vulnerability specifications based on examples.
There is some research on this direction from another team that is highly relevent to your question though:
RAGHOTHAMAN et al. Provenance-Guided Synthesis of Datalog Programs, Proceedings of the ACM, PL (POPL) 2020.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
I have always had a question: your method is to write vulnerability detection rules based on vulnerability characteristics, which will lead to too strong subjective factors. So, do we have any way to automatically generate detection rules based on the characteristics of the vulnerability? Or is this a disadvantage of Datalog in the first place? Looking forward to your reply. Thanks!