SaTC: CORE: Small: Checking Security Checks in OS Kernels

SaTC：核心：小：检查操作系统内核中的安全检查

• 批准号: 1931208
• 负责人: Kangjie Lu
• 金额: $ 50万
• 依托单位: University of Minnesota-Twin Cities
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1931208&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Checking; Security

Operating system (OS) kernels play a critical role in computer systems by virtually having complete control over the systems. OS kernels not only manage hardware and system resources, but also provide services and protection. Given these tasks, OS kernels have to process external untrusted inputs and perform complicated operations, both of which are error-prone. To avoid entering into erroneous states, OS kernels tend to enforce a large number of security checks---"if" and "switch" statements that are used to validate states. Unfortunately, security checks themselves are often buggy. In particular, a security check may be missing or incomplete, be placed in an improper location, target a wrong variable, etc. Buggy security checks often cause critical security impact because the intended validation for potential errors can be void. This project aims to systematically investigate security checks in OS kernels, to automatically identify security checks, and to develop a set of new techniques to detect the common classes of security-check bugs. This project is expected to effectively find a potentially large number of previously unknown security-check bugs in widely used OS kernels, and thus to significantly improve the security of computer systems with billions of users. The broader educational activities of this project include integrating research with outreach, organizing Capture The Flag competitions among universities and industries in Minnesota, and developing courses for training interdisciplinary and underrepresented students.The goal of this project is to systematically investigate security checks and effectively detect the common and critical security-check bugs in popular OS kernels, including the Linux kernel, the Android kernel, the FreeBSD kernel, Darwin-XNU (MacOS), and ReactOS (Windows-like). The project is comprised of two main research thrusts: (1) identifying security checks and (2) detecting security-check bugs. Both research thrusts are challenging because they require the understanding of code semantics and contexts, and even developer logic. Therefore, this project develops a set of semantic-and context-aware approaches. This project also enhances existing techniques such as fuzzing and symbolic execution to effectively and scalably detect security-check bugs. Multiple general techniques developed in this project, such as accurately finding indirect-call targets, identifying semantically-similar peer code paths, modeling OS-kernel boundary, would also advance future research on systems analysis and protection.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

操作系统（OS）内核实际上可以完全控制系统，在计算机系统中起关键作用。 OS内核不仅管理硬件和系统资源，还提供服务和保护。鉴于这些任务，OS内核必须处理外部不信任输入并执行复杂的操作，这两者都容易出错。为了避免进入错误的状态，OS内核倾向于执行大量的安全检查----“如果”和“开关”语句，这些语句用于验证状态。 不幸的是，安全检查本身通常是越野车。 特别是，安全检查可能丢失或不完整，将其放置在不正确的位置，定位错误的变量等。错误的安全检查通常会引起关键的安全性影响，因为潜在错误的预期验证可能是无效的。 该项目旨在系统地研究OS内核中的安全检查，以自动识别安全检查，并开发一组新技术来检测公共类别的安全检查错误类别。 预计该项目将有效地在广泛使用的OS内核中找到可能有大量以前未知的安全检查错误，因此可以显着提高具有数十亿用户的计算机系统的安全性。 该项目的更广泛的教育活动包括将研究与外展结合，组织明尼苏达州大学和行业之间的国旗竞赛，以及开发培训跨学科和代表性不足的学生的课程。流行的OS内核中的常见和关键的安全检查错误，包括Linux内核，Android内核，FreeBSD内核，Darwin-XNU（MACOS）和ReactOS（类似Windows）。该项目由两个主要的研究推力组成：（1）识别安全检查和（2）检测安全检查错误。这两种研究的推力都具有挑战性，因为它们需要对代码语义和环境，甚至开发人员逻辑的理解。因此，该项目开发了一系列语义和上下文感知的方法。该项目还增强了现有技术，例如模糊和象征性执行，以有效，可伸缩检测安全检查错误。该项目中开发的多种通用技术，例如准确找到间接通话目标，确定语义相似的同伴代码路径，对OS-KERNEL边界进行建模，也将推动对系统分析和保护的未来研究。这项奖项反映了NSF的法定任务，并具有使用基金会的知识分子优点和更广泛的审查标准，被认为值得通过评估来支持。

项目成果

Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection

• DOI: 10.14722/ndss.2022.24296
• 发表时间: 2022
• 期刊: Proceedings 2022 Network and Distributed System Security Symposium
• 作者: Zu-Ming Jiang;Jia-Ju Bai;Kangjie Lu;Shih-Min Hu

Detecting Missed Security Operations Through Differential Checking of Object-based Similar Paths

• DOI: 10.1145/3460120.3485373
• 发表时间: 2021-11
• 期刊: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Dinghao Liu;Qiushi Wu;S. Ji;Kangjie Lu;Zhenguang Liu;Jianhai Chen;Qinming He

Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning

• DOI: 10.14722/ndss.2021.24416
• 发表时间: 2021
• 期刊: Proceedings 2021 Network and Distributed System Security Symposium
• 作者: Navid Emamdoost

On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution

论PHP符号执行的自动内置函数建模的可行性

• DOI: 10.1145/3442381.3450002
• 发表时间: 2021
• 期刊: the 30th International World Wide Web Conference (WWW'21
• 作者: Li, Penghui;Meng, Wei;Lu, Kangjie;Luo, Changhua
• 通讯作者: Luo, Changhua

Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison

• DOI: 10.14722/ndss.2020.24419
• 发表时间: 2020
• 作者: Qiushi Wu;Yang He;Stephen McCamant;Kangjie Lu