Abstract
A strategy for searching for exploitable races is derived, implemented and evaluated. It aims at detecting inconsistent behaviour caused by irregular interleavings of the instructions of concurrent threads. The search for internal races focuses on particular data flow patterns: it tries to provoke an internal race by enforcing different orders of read and write operations on shared data, guided by symbolic expressions of the interleaved paths and by constraint solving. The possibility of propagating internal races to system races is subsequently considered. An example application of the proposed approach illustrates its practicality.
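The abstract describes three ingredients: a data flow pattern (orders of read and write operations on shared data), symbolic expressions of the interleaved paths, and constraint solving. The following Python block is an added illustration of how those ingredients fit together; it is not the authors' tool or code. It models two threads that each perform a check-then-act withdrawal on a shared balance, enumerates all interleavings of their read/write steps, builds the final state of every interleaving as a symbolic expression over the inputs x0, w1 and w2, and then searches for an input under which every serial order keeps the invariant "amount dispensed never exceeds the initial balance" while some interleaving violates it. The thread model, variable names and the exhaustive search over a small domain (standing in for an SMT solver such as Z3) are all assumptions made for this example.

```python
# Added example, not code from the paper: a toy version of a guided race
# search. Two withdrawing threads race on a shared balance x; interleavings
# of their read/write steps are enumerated, the final store of each
# interleaving is built as a symbolic expression over the inputs
# (x0, w1, w2), and a constraint search looks for inputs where every serial
# order is safe but some interleaving breaks "dispensed <= initial balance".
# Exhaustive search over a small domain stands in for an SMT solver here.
from itertools import combinations, product

# --- tiny symbolic expression language: nested tuples ---------------------
def var(name):    return ("var", name)
def const(n):     return ("const", n)
def add(a, b):    return ("add", a, b)
def sub(a, b):    return ("sub", a, b)
def ge(a, b):     return ("ge", a, b)
def ite(c, t, e): return ("ite", c, t, e)

def evaluate(expr, env):
    """Evaluate a symbolic expression under a concrete input assignment."""
    tag = expr[0]
    if tag == "var":   return env[expr[1]]
    if tag == "const": return expr[1]
    if tag == "add":   return evaluate(expr[1], env) + evaluate(expr[2], env)
    if tag == "sub":   return evaluate(expr[1], env) - evaluate(expr[2], env)
    if tag == "ge":    return evaluate(expr[1], env) >= evaluate(expr[2], env)
    if tag == "ite":
        return evaluate(expr[2], env) if evaluate(expr[1], env) else evaluate(expr[3], env)
    raise ValueError(tag)

# --- thread model: read / write steps on shared variables (assumed shape) ---
def withdraw_thread(w):
    """r = x; if r >= w: x = r - w; dispensed += w  (check-then-act pattern).
    Each write step is atomic in this model; the race is on the read of x."""
    return [
        ("read", "x", "r"),
        ("write", "x", lambda regs, st: ite(ge(regs["r"], w), sub(regs["r"], w), regs["r"])),
        ("write", "d", lambda regs, st: ite(ge(regs["r"], w), add(st["d"], w), st["d"])),
    ]

def interleavings(len_a, len_b):
    """All merges of two step sequences that preserve each thread's program order."""
    for a_slots in combinations(range(len_a + len_b), len_a):
        yield tuple(0 if i in a_slots else 1 for i in range(len_a + len_b))

def run_symbolic(threads, schedule, init):
    """Execute one interleaving; the shared store and registers hold expressions."""
    store = dict(init)
    regs = [dict() for _ in threads]
    pcs = [0] * len(threads)
    for t in schedule:
        step = threads[t][pcs[t]]
        pcs[t] += 1
        if step[0] == "read":
            regs[t][step[2]] = store[step[1]]
        else:
            store[step[1]] = step[2](regs[t], store)
    return store

def is_serial(schedule):
    """True for the two schedules that run one thread completely before the other."""
    return schedule in (tuple(sorted(schedule)), tuple(sorted(schedule, reverse=True)))

def find_exploitable_input(threads, init, invariant, inputs, domain):
    """Constraint search: an input for which all serial orders keep the invariant
    but some non-serial interleaving violates it. Returns (assignment, schedule)."""
    scheds = list(interleavings(len(threads[0]), len(threads[1])))
    finals = {s: run_symbolic(threads, s, init) for s in scheds}
    for values in product(domain, repeat=len(inputs)):
        env = dict(zip(inputs, values))
        if not all(evaluate(invariant(finals[s]), env) for s in scheds if is_serial(s)):
            continue  # the input alone breaks the invariant; not a race
        for s in scheds:
            if not is_serial(s) and not evaluate(invariant(finals[s]), env):
                return env, s
    return None

def demo():
    threads = [withdraw_thread(var("w1")), withdraw_thread(var("w2"))]
    init = {"x": var("x0"), "d": const(0)}
    invariant = lambda st: ge(var("x0"), st["d"])  # never dispense more than x0
    return find_exploitable_input(threads, init, invariant, ["x0", "w1", "w2"], range(0, 11))

if __name__ == "__main__":
    print(demo())  # smallest input and a schedule in which both checks pass on the stale x0
```

The search reports the smallest assignment in the domain (x0 = 1, w1 = 1, w2 = 1) together with a schedule in which both threads read the balance before either writes it, so both checks pass and two units are dispensed from a balance of one. A real implementation would hand the per-interleaving expressions to an SMT solver instead of enumerating the domain, and would derive the read/write pattern from the program's data flow rather than from a hand-written thread model.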
Acknowledgment
The authors gratefully acknowledge that the work presented was supported by the German Federal Ministry for Economic Affairs and Energy (BMWi), project no. 1501600C (SMARTEST2).
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Neubaum, A., Al Sardy, L., Spisländer, M., Saglietti, F., Kretschmer, S. (2022). A Guided Search for Races Based on Data Flow Patterns. In: Trapp, M., Schoitsch, E., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2022 Workshops . SAFECOMP 2022. Lecture Notes in Computer Science, vol 13415. Springer, Cham. https://doi.org/10.1007/978-3-031-14862-0_10
DOI: https://doi.org/10.1007/978-3-031-14862-0_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14861-3
Online ISBN: 978-3-031-14862-0
eBook Packages: Computer Science (R0)