Railway passenger safety inspection is an important part of the anti-explosion safety line, and is the key to ensure the safety of railway transportation and the safety of passengers' lives and property. In order ...Railway passenger safety inspection is an important part of the anti-explosion safety line, and is the key to ensure the safety of railway transportation and the safety of passengers' lives and property. In order to effectively prevent dangerous goods from entering the station and getting on the bus, and to ensure the safe travel of passengers, this paper designs how to manage the railway security inspection system more efficiently and comprehensively, and constructs an intelligent security inspection operation and maintenance platform. The platform uses "CMDB" as the database for "supervision, management and control" integrated operation and maintenance management "to realize a unified asset allocation management library for security check equipment, integration and sharing of security check information, standardized process management of security check work, real-time status monitoring, environmental monitoring, intelligent contraband identification, fault prediction and other functions of security check equipment operation, which improves the overall intelligence level of security check equipment management, is beneficial to detecting the safety risks of station operation, improving the security check work efficiency, and ensuring the smooth and efficient operation of security check work.展开更多
The Linux kernel adopts a large number of security checks to prevent security-sensitive operations from being executed under unsafe conditions.If a security-sensitive operation is unchecked,a missing-check issue arise...The Linux kernel adopts a large number of security checks to prevent security-sensitive operations from being executed under unsafe conditions.If a security-sensitive operation is unchecked,a missing-check issue arises.Missing check is a class of severe bugs in software programs especially in operating system kernels,which may cause a variety of security issues,such as out-of-bound accesses,permission bypasses,and privilege escalations.Due to the lack of security specifications,how to automatically identify security-sensitive operations and their required security checks in the Linux kernel becomes a challenge for missing-check analysis.In this paper,we present an accurate missing-check analysis method for Linux kernel,which can automatically infer possible security-sensitive operations.Particularly,we first automatically identify all possible security check functions of Linux.Then according to their callsites,a two-direction analysis method is leveraged to identify possible security-sensitive operations.A missing-check bug is reported when the security-sensitive operation is not protected by its corresponding security check.We have implemented our method as a tool,named AMCheX,on top of the LLVM(Low Level Virtual Machine)framework and evaluated it on the Linux kernel.AMCheX reported 12 new missing-check bugs which can cause security issues.Five of them have been confirmed by Linux maintainers.展开更多
文摘Railway passenger safety inspection is an important part of the anti-explosion safety line, and is the key to ensure the safety of railway transportation and the safety of passengers' lives and property. In order to effectively prevent dangerous goods from entering the station and getting on the bus, and to ensure the safe travel of passengers, this paper designs how to manage the railway security inspection system more efficiently and comprehensively, and constructs an intelligent security inspection operation and maintenance platform. The platform uses "CMDB" as the database for "supervision, management and control" integrated operation and maintenance management "to realize a unified asset allocation management library for security check equipment, integration and sharing of security check information, standardized process management of security check work, real-time status monitoring, environmental monitoring, intelligent contraband identification, fault prediction and other functions of security check equipment operation, which improves the overall intelligence level of security check equipment management, is beneficial to detecting the safety risks of station operation, improving the security check work efficiency, and ensuring the smooth and efficient operation of security check work.
基金supported by the National Nature Science Foundation of China under Grant Nos.61802415,62032019 and 62032024.PDF(PC)23。
文摘The Linux kernel adopts a large number of security checks to prevent security-sensitive operations from being executed under unsafe conditions.If a security-sensitive operation is unchecked,a missing-check issue arises.Missing check is a class of severe bugs in software programs especially in operating system kernels,which may cause a variety of security issues,such as out-of-bound accesses,permission bypasses,and privilege escalations.Due to the lack of security specifications,how to automatically identify security-sensitive operations and their required security checks in the Linux kernel becomes a challenge for missing-check analysis.In this paper,we present an accurate missing-check analysis method for Linux kernel,which can automatically infer possible security-sensitive operations.Particularly,we first automatically identify all possible security check functions of Linux.Then according to their callsites,a two-direction analysis method is leveraged to identify possible security-sensitive operations.A missing-check bug is reported when the security-sensitive operation is not protected by its corresponding security check.We have implemented our method as a tool,named AMCheX,on top of the LLVM(Low Level Virtual Machine)framework and evaluated it on the Linux kernel.AMCheX reported 12 new missing-check bugs which can cause security issues.Five of them have been confirmed by Linux maintainers.
