Detecting missing-check bugs via semantic- and context-aware criticalness and constraints inferences

Kangjie Lu, Aditya Pakki, Qiushi Wu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

74 Scopus citations

Abstract

Missing a security check is a class of semantic bugs in software programs where erroneous execution states are not validated. Missing-check bugs are particularly common in OS kernels because they frequently interact with external untrusted user space and hardware, and carry out error-prone computation. Missing-check bugs may cause a variety of critical security consequences, including permission bypasses, out-of-bound accesses, and system crashes. While missing-check bugs are common and critical, only a few research works have attempted to detect them, which is arguably because of the inherent challenges in the detection: whether a variable requires a security check depends on its semantics, contexts and developer logic, and understanding them is a hard problem. In this paper, we present CRIX, a system for detecting missing-check bugs in OS kernels. CRIX can scalably and precisely evaluate whether any security checks are missing for critical variables, using an inter-procedural, semantic- and context-aware analysis. In particular, CRIX's modeling and cross-checking of the semantics of conditional statements in the peer slices of critical variables infer their criticalness, which allows CRIX to effectively detect missing-check bugs. Evaluation results show that CRIX finds missing-check bugs with reasonably low false-report rates. Using CRIX, we have found 278 new missing-check bugs in the Linux kernel that can cause security issues. We submitted patches for all these bugs; Linux maintainers have accepted 151 of them. The promising results show that missing-check bugs are a common occurrence, and CRIX is effective and scalable in detecting missing-check bugs in OS kernels.
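The abstract's central idea, inferring whether a returned value is "critical" by cross-checking how its peer call sites guard it, can be illustrated with a small majority-vote model. The C program below is an added example written for this page; it is not CRIX's code and does not work on LLVM IR the way CRIX does. It assumes a constructed table of call-site "slices" (callee name, hypothetical caller name, and the kind of conditional the caller applies to the returned value), and the thresholds `min_peers` and `min_ratio_pct` are assumptions chosen for the illustration. It flags both a missing check and a check with the wrong semantics (a NULL test where peers use `IS_ERR()`), and it stays silent when there are too few peers to vote, which is the main false-report control a practitioner would want.

```c
/* Added example, not CRIX's implementation: a simplified peer-slice
 * cross-check over constructed call-site records. */
#include <stdio.h>
#include <string.h>

/* Kind of conditional applied to the critical variable (a callee's return value). */
enum check_kind { CHK_NONE = 0, CHK_NULL, CHK_IS_ERR, CHK_NEG_ERRNO, CHK_KINDS };

struct slice {
    const char *callee;   /* function whose return value is the critical variable */
    const char *caller;   /* hypothetical call site that receives the value */
    enum check_kind chk;  /* check the caller applies before using the value */
};

/* Constructed sample data; caller names are illustrative, not real kernel code. */
static const struct slice SLICES[] = {
    { "kmalloc",           "drv_a_probe", CHK_NULL },
    { "kmalloc",           "drv_b_probe", CHK_NULL },
    { "kmalloc",           "drv_c_probe", CHK_NULL },
    { "kmalloc",           "drv_d_init",  CHK_NONE },      /* missing check */
    { "clk_get",           "drv_a_probe", CHK_IS_ERR },
    { "clk_get",           "drv_e_probe", CHK_IS_ERR },
    { "clk_get",           "drv_f_probe", CHK_NULL },      /* wrong check semantics */
    { "pci_enable_device", "drv_g_probe", CHK_NEG_ERRNO },
    { "pci_enable_device", "drv_h_probe", CHK_NONE },      /* only one peer: cannot vote */
};
#define NSLICES (sizeof SLICES / sizeof SLICES[0])

static const char *const CHK_NAME[CHK_KINDS] = { "none", "NULL check", "IS_ERR()", "< 0 errno" };

struct verdict {
    int flagged;               /* 1 if this slice deviates from a clear peer majority */
    enum check_kind expected;  /* dominant check kind among peers */
    int agree;                 /* peers applying the dominant kind */
    int peers;                 /* peers considered */
};

/* Cross-check one slice (callee, caller) against its peers: all other call
 * sites of the same callee. The value is treated as critical only if at least
 * min_ratio_pct of at least min_peers peers apply the same non-empty check. */
struct verdict evaluate(const char *callee, const char *caller, int min_peers, int min_ratio_pct)
{
    int count[CHK_KINDS] = { 0 };
    int found = 0, peers = 0;
    enum check_kind mine = CHK_NONE;
    struct verdict v = { 0, CHK_NONE, 0, 0 };

    for (size_t i = 0; i < NSLICES; i++) {
        if (strcmp(SLICES[i].callee, callee) != 0)
            continue;
        if (strcmp(SLICES[i].caller, caller) == 0) {
            mine = SLICES[i].chk;
            found = 1;
            continue;                      /* the slice under test is not its own peer */
        }
        count[SLICES[i].chk]++;
        peers++;
    }
    v.peers = peers;
    if (!found || peers < min_peers)
        return v;                          /* too few peers to infer anything */

    int best = CHK_NONE;
    for (int k = CHK_NULL; k < CHK_KINDS; k++)
        if (count[k] > count[best])
            best = k;
    v.expected = (enum check_kind)best;
    v.agree = count[best];

    if (best == CHK_NONE)
        return v;                          /* peers do not check it either: not critical */
    if (v.agree * 100 < min_ratio_pct * peers)
        return v;                          /* no clear majority: stay silent */
    v.flagged = (mine != (enum check_kind)best);
    return v;
}

/* Evaluate every slice and print the deviants; returns how many were flagged. */
int report_all(int min_peers, int min_ratio_pct)
{
    int n = 0;
    for (size_t i = 0; i < NSLICES; i++) {
        struct verdict v = evaluate(SLICES[i].callee, SLICES[i].caller, min_peers, min_ratio_pct);
        if (!v.flagged)
            continue;
        n++;
        printf("%s(): return of %s() has %s, but %d/%d peers use %s\n",
               SLICES[i].caller, SLICES[i].callee, CHK_NAME[SLICES[i].chk],
               v.agree, v.peers, CHK_NAME[v.expected]);
    }
    return n;
}

int main(void)
{
    int n = report_all(2, 60);
    printf("%d candidate missing/inconsistent checks\n", n);
    return 0;
}
```

With the constructed table and thresholds of two peers and a 60% majority, the run reports `drv_d_init` (unchecked `kmalloc` result) and `drv_f_probe` (`clk_get` result NULL-tested while peers use `IS_ERR()`), and says nothing about `pci_enable_device`, whose single peer is not enough evidence. Raising `min_ratio_pct` trades recall for fewer false reports; the real system adds context (whether the value actually reaches a sensitive use on the unchecked path) on top of this vote.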

Original language: English (US)
Title of host publication: Proceedings of the 28th USENIX Security Symposium
Publisher: USENIX Association
Pages: 1769-1786
Number of pages: 18
ISBN (Electronic): 9781939133069
State: Published - 2019
Event: 28th USENIX Security Symposium - Santa Clara, United States
Duration: Aug 14 2019 to Aug 16 2019

Publication series

Name: Proceedings of the 28th USENIX Security Symposium

Conference

Conference: 28th USENIX Security Symposium
Country/Territory: United States
City: Santa Clara
Period: 8/14/19 to 8/16/19

Bibliographical note

Funding Information:
We would like to thank our shepherd, Trent Jaeger, and the anonymous reviewers for their helpful suggestions and comments. We are also grateful to Stephen McCamant for providing valuable comments and to Linux maintainers for providing prompt feedback on patching bugs. This research was supported in part by the NSF award CNS-1815621. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of NSF.
