
MEBS: Uncovering Memory Life-Cycle Bugs in Operating System Kernels

Authors
  • Zhang, Gen (1)
  • Wang, Peng-Fei (1)
  • Yue, Tai (1)
  • Zhou, Xu (1)
  • Lu, Kai (1)
  • (1) National University of Defense Technology, Changsha 410073, China
Type
Published Article
Journal
Journal of Computer Science and Technology
Publisher
Springer-Verlag
Publication Date
Nov 30, 2021
Volume
36
Issue
6
Pages
1248–1268
Identifiers
DOI: 10.1007/s11390-021-1593-4
Source
Springer Nature
Disciplines
  • Regular Paper
License
Yellow

Abstract

Allocation, dereferencing, and freeing of memory data in kernels are coherently linked. Real cases in which the correctness of kernel memory is compromised are widespread, and such incorrectness leads to significant security issues, e.g., information leaking. Although memory allocation, dereferencing, and freeing are closely related, previous work has not recognized this relationship or treated the three operations together. In this paper, we study the life-cycle of kernel memory, which consists of allocation, dereferencing, and freeing; errors in any of these stages are called memory life-cycle (MLC) bugs. We present an in-depth study of MLC bugs and implement a memory life-cycle bug sanitizer (MEBS) for MLC bug detection. Using an inter-procedural global call graph and novel identification approaches, MEBS reveals memory allocation, dereferencing, and freeing sites in kernels. By constructing a modified define-use chain and examining errors along the life-cycle, MLC bugs can be identified. Experimental results on the latest kernels demonstrate that MEBS detects MLC bugs effectively and scales to different kernels. More than 100 new bugs are exposed in Linux and FreeBSD, and 12 common vulnerabilities and exposures (CVE) identifiers have been assigned.
