Finding user/kernel pointer bugs with type inference

Authors: Rob Johnson, David Wagner

Abstract: Today's operating systems struggle with vulnerabilities from careless handling of user space pointers. User/kernel pointer bugs have serious consequences for security: a malicious user could exploit a user/kernel pointer bug to gain elevated privileges, read sensitive data, or crash the system. We show how to detect user/kernel pointer bugs using type-qualifier inference, and we apply this method to the Linux kernel using CQUAL, a type-qualifier inference tool. We extend the basic type-inference capabilities of CQUAL to support context-sensitivity and greater precision when analyzing structures so that CQUAL requires fewer annotations and generates fewer false positives. With these enhancements, we were able to use CQUAL to find 17 exploitable user/kernel pointer bugs in the Linux kernel. Several of the bugs we found were missed by careful hand audits, other program analysis tools, or both.
