Funding: This study was supported in part by the National Natural Science Foundation of China (Nos. 61401512, 61602508, 61772549, U1636219 and U1736214), the National Key R&D Program of China (Nos. 2016YFB0801303 and 2016QY01W0105), the Key Technologies R&D Program of Henan Province (No. 162102210032), and the Key Science and Technology Research Project of Henan Province (No. 152102210005).
Abstract: When dealing with large-scale programs, many automatic vulnerability mining techniques encounter problems such as path explosion, state explosion, and low efficiency. Decomposition of large-scale programs based on safety-sensitive functions helps solve the above problems. Manual identification of security-sensitive functions is a tedious task, especially for large-scale programs. This study proposes a method to mine security-sensitive functions whose arguments need to be checked before they are called. Two argument-checking identification algorithms are proposed based on the analysis of two implementations of argument checking. Using these algorithms, security-sensitive functions are detected based on the ratio of invocation instances whose arguments have been protected to the total number of instances. The results of experiments on three well-known open-source projects show that the proposed method can outperform competing methods in the literature.
Funding: Supported by the National Nature Science Foundation of China under Grant Nos. 61802415, 62032019 and 62032024.
Abstract: The Linux kernel adopts a large number of security checks to prevent security-sensitive operations from being executed under unsafe conditions. If a security-sensitive operation is unchecked, a missing-check issue arises. Missing checks are a class of severe bugs in software programs, especially in operating system kernels, which may cause a variety of security issues, such as out-of-bound accesses, permission bypasses, and privilege escalations. Due to the lack of security specifications, automatically identifying security-sensitive operations and their required security checks in the Linux kernel is a challenge for missing-check analysis. In this paper, we present an accurate missing-check analysis method for the Linux kernel, which can automatically infer possible security-sensitive operations. In particular, we first automatically identify all possible security check functions of Linux. Then, according to their callsites, a two-direction analysis method is leveraged to identify possible security-sensitive operations. A missing-check bug is reported when a security-sensitive operation is not protected by its corresponding security check. We have implemented our method as a tool, named AMCheX, on top of the LLVM (Low Level Virtual Machine) framework and evaluated it on the Linux kernel. AMCheX reported 12 new missing-check bugs which can cause security issues. Five of them have been confirmed by Linux maintainers.