Understanding Concurrency Vulnerabilities in Linux Kernel
While there is a large body of work on analyzing concurrency related software
bugs and developing techniques for detecting and patching them, little
attention has been given to concurrency related security vulnerabilities. The
two are different in that not all bugs are vulnerabilities: for a bug to be
exploitable, there needs to be a way for attackers to trigger its execution and
cause damage, e.g., by revealing sensitive data or running malicious code. To
fill the gap, we conduct the first empirical study of concurrency
vulnerabilities reported in the Linux operating system in the past ten years.
We focus on analyzing the confirmed vulnerabilities archived in the Common
Vulnerabilities and Exposures (CVE) database, which are then categorized into
different groups based on bug types, exploit patterns, and patch strategies
adopted by developers. We use code snippets to illustrate individual
vulnerability types and patch strategies. We also use statistics to illustrate
the entire landscape, including the percentage of each vulnerability type. We
hope to shed some light on the problem, e.g., concurrency vulnerabilities
continue to pose a serious threat to system security, and it is difficult even
for kernel developers to analyze and patch them. Therefore, more efforts are
needed to develop tools and techniques for analyzing and patching these
vulnerabilities.

Comment: It was finished in Oct 201
Anatomical physiological and biochemical processes involved in grapevine rootstock drought tolerance
In order to explore the drought resistance mechanism of grape rootstocks, two grape rootstock species, '1103P' (a drought-tolerant rootstock) and '101-14M' (drought-sensitive), were treated with moderate water deficit (field capacity of 45-50 %). Throughout the experimental period, the leaves of '1103P' showed a higher stomatal conductance (gs), relative water content and photosynthetic rate (Pn) than '101-14M', indicating that '1103P' was more drought tolerant than '101-14M'. We propose that '1103P' could prevent water loss from leaves under drought conditions, based on the findings that '1103P' had higher leaf phytohormone abscisic acid (ABA) content and leaf cuticular wax content, and a smaller stomatal aperture, than '101-14M'. Additionally, the activities of H2O2-scavenging enzymes in leaves of '1103P' were higher than those of '101-14M' under drought conditions, indicating that H2O2-induced lipid peroxidation in '1103P' was less severe than in '101-14M'. Therefore, better water saving and higher reactive oxygen species (ROS) scavenging abilities together contributed to the stronger drought resistance of '1103P' compared with '101-14M'.
Eunomia: Enabling User-specified Fine-Grained Search in Symbolically Executing WebAssembly Binaries
Although existing techniques have proposed automated approaches to alleviate
the path explosion problem of symbolic execution, users still need to optimize
symbolic execution by applying various searching strategies carefully. As
existing approaches mainly support only coarse-grained global searching
strategies, they cannot efficiently traverse through complex code structures.
In this paper, we propose Eunomia, a symbolic execution technique that allows
users to specify local domain knowledge to enable fine-grained search. In
Eunomia, we design an expressive DSL, Aes, that lets users precisely pinpoint
local searching strategies to different parts of the target program. To further
optimize local searching strategies, we design an interval-based algorithm that
automatically isolates the context of variables for different local searching
strategies, avoiding conflicts between local searching strategies for the same
variable. We implement Eunomia as a symbolic execution platform targeting
WebAssembly, which enables us to analyze applications written in various
languages (like C and Go) but can be compiled into WebAssembly. To the best of
our knowledge, Eunomia is the first symbolic execution engine that supports the
full features of the WebAssembly runtime. We evaluate Eunomia with a dedicated
microbenchmark suite for symbolic execution and six real-world applications.
Our evaluation shows that Eunomia accelerates bug detection in real-world
applications by up to three orders of magnitude. According to the results of a
comprehensive user study, users can significantly improve the efficiency and
effectiveness of symbolic execution by writing a simple and intuitive Aes
script. Besides verifying six known real-world bugs, Eunomia also detected two
new zero-day bugs in a popular open-source project, Collections-C.

Comment: Accepted by ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 202
Assertion guided symbolic execution of multithreaded programs
Symbolic execution is a powerful technique for systematic testing of sequential and multithreaded programs. However, its application is limited by the high cost of covering all feasible intra-thread paths and inter-thread interleavings. We propose a new assertion-guided pruning framework that identifies executions guaranteed not to lead to an error and removes them during symbolic execution. By summarizing the reasons why previously explored executions cannot reach an error and using this information to prune redundant executions in the future, we can soundly reduce the search space. We also use static concurrent program slicing and heuristic minimization of symbolic constraints to further reduce the computational overhead. We have implemented our method in the Cloud9 symbolic execution tool and evaluated it on a large set of multithreaded C/C++ programs. Our experiments show that the new method can reduce the overall computational cost significantly.
Detecting Multi-Sensor Fusion Errors in Advanced Driver-Assistance Systems
Advanced Driver-Assistance Systems (ADAS) have been thriving and widely
deployed in recent years. In general, these systems receive sensor data,
compute driving decisions, and output control signals to the vehicles. To
smooth out the uncertainties brought by sensor outputs, they usually leverage
multi-sensor fusion (MSF) to fuse the sensor outputs and produce a more
reliable understanding of the surroundings. However, MSF cannot completely
eliminate the uncertainties since it lacks the knowledge about which sensor
provides the most accurate data and how to optimally integrate the data
provided by the sensors. As a result, critical consequences might happen
unexpectedly. In this work, we observed that the popular MSF methods in an
industry-grade ADAS can mislead the car control and result in serious safety
hazards. We define the failures (e.g., car crashes) caused by the faulty MSF as
fusion errors and develop a novel evolutionary-based domain-specific search
framework, FusED, for the efficient detection of fusion errors. We further
apply causality analysis to show that the found fusion errors are indeed caused
by the MSF method. We evaluate our framework on two widely used MSF methods in
two driving environments. Experimental results show that FusED identifies more
than 150 fusion errors. Finally, we provide several suggestions to improve the
MSF methods we study.