673 research outputs found
Understanding Concurrency Vulnerabilities in Linux Kernel
While there is a large body of work on analyzing concurrency related software
bugs and developing techniques for detecting and patching them, little
attention has been given to concurrency related security vulnerabilities. The
two are different in that not all bugs are vulnerabilities: for a bug to be
exploitable, there needs be a way for attackers to trigger its execution and
cause damage, e.g., by revealing sensitive data or running malicious code. To
fill the gap, we conduct the first empirical study of concurrency
vulnerabilities reported in the Linux operating system in the past ten years.
We focus on analyzing the confirmed vulnerabilities archived in the Common
Vulnerabilities and Exposures (CVE) database, which are then categorized into
different groups based on bug types, exploit patterns, and patch strategies
adopted by developers. We use code snippets to illustrate individual
vulnerability types and patch strategies. We also use statistics to illustrate
the entire landscape, including the percentage of each vulnerability type. We
hope to shed some light on the problem, e.g., concurrency vulnerabilities
continue to pose a serious threat to system security, and it is difficult even
for kernel developers to analyze and patch them. Therefore, more efforts are
needed to develop tools and techniques for analyzing and patching these
vulnerabilities.Comment: It was finished in Oct 201
How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel
We present the first static approach that systematically
detects potential double-fetch vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90
double fetches in the Linux kernel. 57 of these occur
in drivers, which previous dynamic approaches were unable
to detect without access to the corresponding hardware.
We manually investigated the 90 occurrences, and
inferred three typical scenarios in which double fetches
occur. We discuss each of them in detail. We further developed
a static analysis, based on the Coccinelle matching
engine, that detects double-fetch situations which can
cause kernel vulnerabilities. When applied to the Linux,
FreeBSD, and Android kernels, our approach found six
previously unknown double-fetch bugs, four of them in
drivers, three of which are exploitable double-fetch vulnerabilities.
All of the identified bugs and vulnerabilities
have been confirmed and patched by maintainers. Our
approach has been adopted by the Coccinelle team and
is currently being integrated into the Linux kernel patch
vetting. Based on our study, we also provide practical solutions
for anticipating double-fetch bugs and vulnerabilities.
We also provide a solution to automatically patch
detected double-fetch bugs
Understanding Persistent-Memory Related Issues in the Linux Kernel
Persistent memory (PM) technologies have inspired a wide range of PM-based
system optimizations. However, building correct PM-based systems is difficult
due to the unique characteristics of PM hardware. To better understand the
challenges as well as the opportunities to address them, this paper presents a
comprehensive study of PM-related issues in the Linux kernel. By analyzing
1,553 PM-related kernel patches in-depth and conducting experiments on
reproducibility and tool extension, we derive multiple insights in terms of PM
patch categories, PM bug patterns, consequences, fix strategies, triggering
conditions, and remedy solutions. We hope our results could contribute to the
development of robust PM-based storage systemsComment: ACM TRANSACTIONS ON STORAGE(TOS'23
Recommended from our members
Concurrency Attacks
Just as errors in sequential programs can lead to security exploits, errors in concurrent programs can lead to concurrency attacks. In this paper, we present an in-depth study of concurrency attacks and how they may affect existing defenses. Our study yields several interesting findings. For instance, we find that concurrency attacks can corrupt non-pointer data, such as user identifiers, which existing memory-safety defenses cannot handle. Inspired by our findings, we propose new defense directions and fixes to existing defenses
Concurrency attacks
Just as errors in sequential programs can lead to security exploits, errors in concurrent programs can lead to concurrency attacks. In this paper, we present an in-depth study of concurrency attacks and how they may affect existing defenses. Our study yields several interesting findings. For instance, we find that concurrency attacks can corrupt non-pointer data, such as user identifiers, which existing memory-safety defenses cannot handle. Inspired by our findings, we propose new defense directions and fixes to existing defenses.
Dynamic Race Prediction in Linear Time
Writing reliable concurrent software remains a huge challenge for today's
programmers. Programmers rarely reason about their code by explicitly
considering different possible inter-leavings of its execution. We consider the
problem of detecting data races from individual executions in a sound manner.
The classical approach to solving this problem has been to use Lamport's
happens-before (HB) relation. Until now HB remains the only approach that runs
in linear time. Previous efforts in improving over HB such as causally-precedes
(CP) and maximal causal models fall short due to the fact that they are not
implementable efficiently and hence have to compromise on their race detecting
ability by limiting their techniques to bounded sized fragments of the
execution. We present a new relation weak-causally-precedes (WCP) that is
provably better than CP in terms of being able to detect more races, while
still remaining sound. Moreover it admits a linear time algorithm which works
on the entire execution without having to fragment it.Comment: 22 pages, 8 figures, 1 algorithm, 1 tabl
Dynamically detecting and tolerating IF-Condition Data Races
An IF-Condition Invariance Violation (ICIV) occurs when, after a thread has computed the control expression of an IF statement and while it is executing the THEN or ELSE clauses, another thread updates variables in the IF’s control expression. An ICIV can be easily detected, and is likely to be a sign of a concurrency bug in the code. Typically, the ICIV is caused by a data race, which we call IF-Condition Data Race (ICR). In this paper, we analyze the data races reported in the bug databases of popular software systems and show that ICRs occur relatively often. Then, we present two techniques to handle ICRs dynamically. They rely on simple code transformations and, in one case, additional hardware help. One of them (SW-IF) detects the races, while the other (HW-IF) detects and prevents them. We evaluate SW-IF and HW-IF using a variety of applica-tions. We show that these new techniques are effective at finding new data race bugs and run with low overhead. Specifically, HW-IF finds 5 new (unreported) race bugs and SW-IF finds 3 of them. In addition, 8-threaded executions of SPLASH-2 codes show that, on average, SW-IF adds 2 % execution overhead, while HW-IF adds less than 1%. 1
- …