Vulnerability Detection of Device Drivers Based on Pair Functions’ Calling Context
Abstract: Linux device drivers run in kernel mode, so vulnerabilities introduced by a driver can easily affect the stability and security of the operating system. Resource-operation vulnerabilities currently account for a relatively high proportion of device driver vulnerabilities. To address this, we propose a device driver vulnerability detection method based on the calling context of pair functions. First, we introduce the concept of a pair function and use it to automatically extract and optimize the pair functions of a specific driver. Next, combining the results of manual analysis, we construct the execution paths of the pair functions through the resource request and release process. Finally, we perform a pairing check based on the corresponding function calling context, detecting and verifying whether the requests and releases of memory resources in the device driver match exactly in their hierarchy. To verify the effectiveness of the method, we applied it to different device drivers and recorded the corresponding false negative rate, false positive rate, and coverage. The experimental results show that the method has relatively high precision and fast detection speed, and that it does not depend on conditions such as real-time compilation or hardware devices.
Authors: WANG Jia (王佳); ZHAI Gao-Shou (翟高寿); LIU Feng (刘峰); LI Hong-Hui (李红辉) (School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China)
Source: Computer Systems & Applications (《计算机系统应用》), 2019, No. 10, pp. 35-44 (10 pages)
Funding: National Key Research and Development Program of China (2016YFF0204002); Ministry of Education Industry-University Cooperation Collaborative Education Project (201702025004)
Keywords: Linux; device driver; pair function; calling context; vulnerability detection