Finding Missing Security Operation Bugs via Program Slicing and Differential Check

  • Conference paper
Information and Communications Security (ICICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14252))

Abstract

The detection of missing security operations is a complex task in software engineering, mainly due to the semantic and contextual understanding required. Prior research efforts have employed similar-path differential analysis to detect missing security operations, but these approaches have been limited in their ability to simultaneously compare the similarity of intra- and inter-procedural paths. To address this limitation, this paper proposes a novel approach called SSD that can detect multiple missing security operation bugs both intra- and inter-procedurally. Our approach collects slices with similar semantics and contexts based on four program slicing criteria, providing more versatile construction of similar slices and more comprehensive detection than previous works. In our experiments, we have identified 65 real bugs in the Linux kernel, of which we have verified 27 as fixed bugs and submitted the remaining 38 for patching. The Linux maintainers have accepted 19 of these patches, confirming the effectiveness and availability of SSD.

Notes

  1. https://github.com/torvalds/linux/blob/v5.15/virt/kvm/eventfd.c

  2. https://github.com/torvalds/linux/blob/v5.15/virt/kvm/coalesced_mmio.c

Author information

Corresponding author

Correspondence to Weiping Wen.

Appendix

Table 6. Bugs found by SSD in Linux kernel

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Fu, Y. et al. (2023). Finding Missing Security Operation Bugs via Program Slicing and Differential Check. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_41

  • DOI: https://doi.org/10.1007/978-981-99-7356-9_41

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7355-2

  • Online ISBN: 978-981-99-7356-9

  • eBook Packages: Computer Science, Computer Science (R0)
