SaTC: CORE: Small: Collaborative: Towards Facilitating Kernel Vulnerability Reproduction by Fusing Crowd and Machine Generated Data

SaTC：核心：小型：协作：通过融合人群和机器生成的数据来促进内核漏洞再现

• 批准号: 1954466
• 负责人: Xinyu Xing
• 金额: $ 32.13万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2022-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1954466&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Towards

The kernel is the core piece of software in a computer's operating system. Due to the high complexity of kernel software, finding all vulnerabilities during the development phase is nearly impossible. In recent years, crowdsourcing efforts have shown great success in discovering kernel vulnerabilities, where security professionals, hackers, and users can all contribute by submitting kernel bug reports. However, research shows that many vulnerability reports, including those generated by automated tools (e.g., kernel fuzzers), are not easily reproducible. Non-reproducible reports can cause significant delays to the patching process or lead kernel vendors to misjudge the severity of the vulnerability. Preliminary research shows vulnerability reports are not reproducible due to 1) missing information on the compilation configuration; (2) a lack of data to construct the contexts for triggering the bug; and (3) inaccurate or incomplete information about the vulnerable kernel versions. This project will develop new approaches combining crowd-reported and machine-generated data and static-dynamic program analysis to automate the process of inferring, constructing, and validating the needed information for kernel-vulnerability reproduction.This project will provide much-needed automation for reproducing kernel bugs and vulnerabilities. If successful, the project will significantly advance computer security (for kernel vulnerability analysis) and contribute to the field of software engineering (for bug diagnosis and assessment). By improving the reproduction rate of kernel bugs, this project will also help with other parallel efforts for vulnerability patching and remediation. The expected advancements are three-fold. (1) The team will develop novel inference methods to infer the kernel compilation configuration based on memory snapshots and code segments in the bug reports. It will design new approaches to handle the untrusted or corrupted memory dumps caused by the bugs. (2) Team members will develop new mechanisms to construct precise triggering contexts to trigger the reported bugs (via kernel fault manipulation and injection). The context construction method is also able to pinpoint relevant faulty processes and handle kernel interrupt correctly. (3) New fuzzing tools will be designed to migrate input programs to enable much broader bug testing across kernel versions, and new methods to quickly determine non-vulnerable versions.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

内核是计算机操作系统中的核心软件。由于内核软件的高度复杂性，在开发阶段找到所有漏洞几乎是不可能的。近年来，众包工作在发现内核漏洞方面取得了巨大成功，安全专业人员、黑客和用户都可以通过提交内核错误报告来做出贡献。然而，研究表明，许多漏洞报告，包括由自动化工具（例如内核模糊器）生成的漏洞报告，都不容易重现。不可重现的报告可能会导致修补过程显着延迟，或导致内核供应商误判漏洞的严重性。初步研究表明，漏洞报告不可重现，原因是：1）缺少编译配置信息； (2) 缺乏数据来构建触发 bug 的上下文； (3) 有关易受攻击的内核版本的信息不准确或不完整。该项目将开发新方法，将人群报告和机器生成的数据与静态动态程序分析相结合，以自动化推断、构建和验证内核漏洞复制所需信息的过程。该项目将为以下领域提供急需的自动化：重现内核错误和漏洞。如果成功，该项目将显着提高计算机安全性（用于内核漏洞分析），并为软件工程领域（用于错误诊断和评估）做出贡献。通过提高内核错误的重现率，该项目还将有助于其他并行的漏洞修补和修复工作。预期的进步是三倍。 (1) 团队将开发新颖的推理方法，根据错误报告中的内存快照和代码段来推断内核编译配置。它将设计新的方法来处理由错误引起的不受信任或损坏的内存转储。 (2) 团队成员将开发新的机制来构建精确的触发上下文来触发所报告的错误（通过内核错误操纵和注入）。上下文构造方法还能够查明相关的故障进程并正确处理内核中断。 (3) 新的模糊测试工具将被设计用于迁移输入程序，以实现跨内核版本更广泛的错误测试，以及快速确定不易受攻击版本的新方法。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准。