Affordable Access

Access to the full text

AMCheX: Accurate Analysis of Missing-Check Bugs for Linux Kernel

Authors
  • Wang, Ying-Jie1
  • Yin, Liang-Ze1
  • Dong, Wei1
  • 1 College of Computer Science National University of Defense Technology, Changsha, 410073, China , Changsha (China)
Type
Published Article
Journal
Journal of Computer Science and Technology
Publisher
Springer-Verlag
Publication Date
Nov 30, 2021
Volume
36
Issue
6
Pages
1325–1341
Identifiers
DOI: 10.1007/s11390-021-1666-4
Source
Springer Nature
Keywords
Disciplines
  • Regular Paper
License
Yellow

Abstract

The Linux kernel adopts a large number of security checks to prevent security-sensitive operations from being executed under unsafe conditions. If a security-sensitive operation is unchecked, a missing-check issue arises. Missing check is a class of severe bugs in software programs especially in operating system kernels, which may cause a variety of security issues, such as out-of-bound accesses, permission bypasses, and privilege escalations. Due to the lack of security specifications, how to automatically identify security-sensitive operations and their required security checks in the Linux kernel becomes a challenge for missing-check analysis. In this paper, we present an accurate missing-check analysis method for Linux kernel, which can automatically infer possible security-sensitive operations. Particularly, we first automatically identify all possible security check functions of Linux. Then according to their callsites, a two-direction analysis method is leveraged to identify possible security-sensitive operations. A missing-check bug is reported when the security-sensitive operation is not protected by its corresponding security check. We have implemented our method as a tool, named AMCheX, on top of the LLVM (Low Level Virtual Machine) framework and evaluated it on the Linux kernel. AMCheX reported 12 new missing-check bugs which can cause security issues. Five of them have been confirmed by Linux maintainers.

Report this publication

Statistics

Seen <100 times