One Million (LOC) and Counting: Static Analysis for Errors and Vulnerabilities in the Linux Kernel Source Code
نویسندگان
چکیده
This article describes an analysis tool aimed at the C code of the Linux kernel, having been first described as a prototype (in this forum) in 2004. Its continuing maturation means that it is now capable of treating millions of lines of code in a few hours on very modest platforms. It detects about two uncorrected deadlock situations per thousand C source files or million lines of source code in the Linux kernel, and three accesses to freed memory. In distinction to model-checking techniques, the tool uses a configurable “3-phase” programming logic to perform its analysis. It carries out several different analyses simultaneously.
منابع مشابه
DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers
While kernel drivers have long been know to poses huge security risks, due to their privileged access and lower code quality, bug-finding tools for drivers are still greatly lacking both in quantity and effectiveness. This is because the pointer-heavy code in these drivers present some of the hardest challenges to static analysis, and their tight coupling with the hardware make dynamic analysis...
متن کاملAn Empirical Study of Operating Systems Errors
We present a study of operating system errors found by automatic, static, compiler analysis applied to the Linux and OpenBSD kernels. Our approach differs from previous studies that consider errors found by manual inspection of logs, testing, and surveys because static analysis is applied uniformly to the entire kernel source, though our approach necessarily considers a less comprehensive varie...
متن کاملTowards Linux Kernel Memory Safety
e security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel. However, the increasing number of kernel-specific vulnerabilities, especially memory safety vulnerabilities, shows that the kernel is a popular and practically exploitable target. Two major causes of memory safety vulnerabilities are reference counter overflows (temporal memory erro...
متن کاملFighting Security Bugs in the Linux Kernel
This article outlines possibilities of automatic finding of security vulnerabilities in the source code of the Linux kernel. In the first part we will describe (some of) the possible vulnerable constructs (based on observations of security vulnerabilities having been fixed in the kernel in the past) and describe how they could be exploited to gain elevated privileges on the system. The second p...
متن کاملIdentifying Clones in the Linux Kernel
Large multi-platform software systems are likely to encompass hardware-dependent code or sub-systems. However, analyzing multi-platform source code is challenging, due to the variety of supported configurations. Often, the system was originally developed for a single platform, and then new target platforms were added. This practice promotes the presence of duplicated code, also said “cloned” co...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006