Finding User/Kernel Pointer Bugs with Type Inference
نویسندگان
چکیده
Today’s operating systems struggle with vulnerabilities from careless handling of user space pointers. User/kernel pointer bugs have serious consequences for security: a malicious user could exploit a user/kernel pointer bug to gain elevated privileges, read sensitive data, or crash the system. We show how to detect user/kernel pointer bugs using type-qualifier inference, and we apply this method to the Linux kernel using CQUAL, a type-qualifier inference tool. We extend the basic type-inference capabilities of CQUAL to support context-sensitivity and greater precision when analyzing structures so that CQUAL requires fewer annotations and generates fewer false positives. With these enhancements, we were able to use CQUAL to find 17 exploitable user/kernel pointer bugs in the Linux kernel. Several of the bugs we found were missed by careful hand audits, other program analysis tools, or both.
منابع مشابه
DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers
While kernel drivers have long been know to poses huge security risks, due to their privileged access and lower code quality, bug-finding tools for drivers are still greatly lacking both in quantity and effectiveness. This is because the pointer-heavy code in these drivers present some of the hardest challenges to static analysis, and their tight coupling with the hardware make dynamic analysis...
متن کاملCheckbochs: Use Hardware to Check Software
In this paper, we present a system called Checkbochs, a machine simulator that checks rules about its guest operating system and applications at the hardware level. The properties to be checked can be implemented as ‘plugins’ in the Checkbochs simulator. Some of the properties that were checked using Checkbochs include null-pointer checks, format-string vulnerabilities, user/kernel pointer chec...
متن کاملEffective testing for concurrency bugs
In the current multi-core era, concurrency bugs are a serious threat to software reliability. As hardware becomes more parallel, concurrent programming will become increasingly pervasive. However, correct concurrent programming is known to be extremely challenging for developers and can easily lead to the introduction of concurrency bugs. This dissertation addresses this challenge by proposing ...
متن کاملSigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures
Brute force scanning of kernel memory images for finding kernel data structure instances is an important function in many computer security and forensics applications. Brute force scanning requires effective, robust signatures of kernel data structures. Existing approaches often use the value invariants of certain fields as data structure signatures. However, they do not fully exploit the rich ...
متن کاملSimple and Effective Static Analysis to Find Bugs
Title of dissertation: SIMPLE AND EFFECTIVE STATIC ANALYSIS TO FIND BUGS David H. Hovemeyer, Doctor of Philosophy, 2005 Dissertation directed by: Professor William W. Pugh Department of Computer Science Much research in recent years has focused on using static analysis to find bugs in software. Many new approaches employing sophisticated program analysis techniques—inter-procedural, context-sen...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004