Abstract
Operating system kernels carry a large number of security checks to validate security-sensitive variables and operations. For example, a security check should be embedded in a code to ensure that a user-supplied pointer does not point to the kernel space. Using security-checked variables is typically safe. However, in reality, security-checked variables are often subject to modification after the check. If a recheck is lacking after a modification, security issues may arise, e.g., adversaries can control the checked variable to launch critical attacks such as out-of-bound memory access or privilege escalation. We call such cases lacking-recheck (LRC) bugs, a subclass of TOCTTOU bugs, which have not been explored yet. In this paper, we present the first in-depth study of LRC bugs and develop LRSan, a static analysis system that systematically detects LRC bugs in OS kernels. Using an inter-procedural analysis and multiple new techniques, LRSan first automatically identifies security checks, critical variables, and uses of the checked variables, and then reasons about whether a modification is present after a security check. A case in which a modification is present but a recheck is lacking is an LRC bug. We apply LRSan to the latest Linux kernel and evaluate the effectiveness of LRSan. LRSan reports thousands of potential LRC cases, and we have confirmed 19 new LRC bugs. We also discuss patching strategies of LRC bugs based on our study and bug-fixing experience.
Original language | English (US) |
---|---|
Title of host publication | CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security |
Publisher | Association for Computing Machinery |
Pages | 1899-1913 |
Number of pages | 15 |
ISBN (Electronic) | 9781450356930 |
DOIs | |
State | Published - Oct 15 2018 |
Event | 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada Duration: Oct 15 2018 → … |
Publication series
Name | Proceedings of the ACM Conference on Computer and Communications Security |
---|---|
ISSN (Print) | 1543-7221 |
Other
Other | 25th ACM Conference on Computer and Communications Security, CCS 2018 |
---|---|
Country/Territory | Canada |
City | Toronto |
Period | 10/15/18 → … |
Bibliographical note
Publisher Copyright:© 2018 Copyright held by the owner/author(s). Publication rights licensed to ACM.
Keywords
- Error code
- Lacking-recheck
- Missing check
- OS Kernel Bug
- Static analysis
- TOCTTOU