AMCheX: Accurate Analysis of Missing-Check Bugs for Linux Kernel

The Linux kernel adopts a large number of security checks to prevent security-sensitive operations from being executed under unsafe conditions. If a security-sensitive operation is unchecked, a missing-check issue arises. Missing check is a class of severe bugs in software programs especially in ope...

Full description

Saved in:
Bibliographic Details
Published in:Journal of computer science and technology Vol. 36; no. 6; pp. 1325 - 1341
Main Authors: Wang, Ying-Jie, Yin, Liang-Ze, Dong, Wei
Format: Journal Article
Language:English
Published: Singapore Springer Singapore 01.12.2021
Springer
Springer Nature B.V
Key Laboratory of Software Engineering for Complex Systems,College of Computer Science National University of Defense Technology,Changsha 410073,China
Subjects:
Analysis
Artificial Intelligence
Computer Science
Data Structures and Information Theory
Information Systems Applications (incl.Internet)
Linux
Linux (Operating system)
Missing persons
Program errors
Regular Paper
Safety and security measures
Software
Software Engineering
Theory of Computation
Virtual environments
missing-check
security check function
security-sensitive operation
program analysis
ISSN:1000-9000, 1860-4749
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Linux kernel adopts a large number of security checks to prevent security-sensitive operations from being executed under unsafe conditions. If a security-sensitive operation is unchecked, a missing-check issue arises. Missing check is a class of severe bugs in software programs especially in operating system kernels, which may cause a variety of security issues, such as out-of-bound accesses, permission bypasses, and privilege escalations. Due to the lack of security specifications, how to automatically identify security-sensitive operations and their required security checks in the Linux kernel becomes a challenge for missing-check analysis. In this paper, we present an accurate missing-check analysis method for Linux kernel, which can automatically infer possible security-sensitive operations. Particularly, we first automatically identify all possible security check functions of Linux. Then according to their callsites, a two-direction analysis method is leveraged to identify possible security-sensitive operations. A missing-check bug is reported when the security-sensitive operation is not protected by its corresponding security check. We have implemented our method as a tool, named AMCheX, on top of the LLVM (Low Level Virtual Machine) framework and evaluated it on the Linux kernel. AMCheX reported 12 new missing-check bugs which can cause security issues. Five of them have been confirmed by Linux maintainers.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1000-9000
1860-4749
DOI:10.1007/s11390-021-1666-4