Abstract
The detection of missing security operations is a complex task in software engineering, mainly due to the semantic and contextual understanding required. Prior research efforts have employed similar-path differential analysis to detect missing security operations, but these approaches have been limited in their ability to compare the similarity of intra- and inter-procedural paths simultaneously. To address this limitation, this paper proposes a novel approach called SSD that can detect multiple missing security operation bugs both intra- and inter-procedurally. Our approach collects slices with similar semantics and contexts based on four program slicing criteria, providing more versatile construction of similar slices and more comprehensive detection than previous works. In our experiments, we have identified 65 real bugs in the Linux kernel, of which we have verified 27 as fixed bugs and submitted the remaining 38 for patching. The Linux maintainers have accepted 19 of these patches, confirming the effectiveness and availability of SSD.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Fu, Y. et al. (2023). Finding Missing Security Operation Bugs via Program Slicing and Differential Check. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_41
DOI: https://doi.org/10.1007/978-981-99-7356-9_41
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7355-2
Online ISBN: 978-981-99-7356-9
eBook Packages: Computer Science (R0)