• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2016, Vol. 38 ›› Issue (02): 290-296.

• Paper

Detecting vulnerabilities in Linux device drivers with a symbolic device driver environment

XU Yongjian 1,2, WANG Dan 1, CHEN Yu 2, FAN Wenliang 2

  1. School of Computer Science, Beijing University of Technology, Beijing 100124, China; 2. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
  • Received: 2015-03-10  Revised: 2015-05-06  Online: 2016-02-25  Published: 2016-02-25
  • Funding:

    National Natural Science Foundation of China (61202074)

Symbolic device driver environment for detecting bugs in Linux device drivers

XU Yongjian1,2,WANG Dan1,CHEN Yu2,FAN Wenliang2   

  1. School of Computer Science, Beijing University of Technology, Beijing 100124, China;
     2. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
  • Received: 2015-03-10  Revised: 2015-05-06  Online: 2016-02-25  Published: 2016-02-25

Abstract (translated from the Chinese):

Studies show that driver vulnerabilities are one of the main causes of Linux security problems and can lead to high-risk situations such as privilege escalation and denial of service. To address the problem that runtime vulnerability detection of a driver is impossible when the specific device is not available, this paper proposes executing drivers symbolically and presents a driver emulation environment built on symbolic execution that can be used to analyze and detect security vulnerabilities in Linux device drivers. By emulating the service interfaces that the kernel provides to drivers, the environment allows a driver to be executed symbolically in user space, where it can then be checked for vulnerabilities. The environment needs no real hardware and offers high coverage, fast execution and easy extensibility. Applied to 6 different Linux device drivers, it detected 6 real vulnerabilities; for three of them, patches were submitted to the driver maintainers and accepted. The experimental results show that the symbolic driver environment has a measurable vulnerability-detection capability while consuming few resources, detecting quickly and not depending on hardware devices.

Keywords (translated from the Chinese): vulnerability detection, symbolic execution, Linux, device driver

Abstract:

Studies have shown that driver vulnerabilities are one of the main causes of Linux security issues and can lead to privilege escalation, denial of service and other high-risk situations. Considering the difficulty of detecting driver vulnerabilities without real devices, this paper proposes symbolic execution of Linux drivers and implements the symbolic device driver environment (SDDE), which can detect bugs in Linux device drivers. The SDDE provides symbolic kernel services and symbolic devices, making symbolic execution of Linux drivers and runtime detection of driver vulnerabilities possible. The SDDE works without real hardware and has high coverage, high performance and good scalability. The SDDE is applied to 6 Linux drivers, and we found six real bugs, three of which are confirmed by Linux developers.

Key words: bug detection, symbolic execution, Linux, device driver