辅助检测Linux驱动中漏洞的符号驱动环境

J4 ›› 2015, Vol. 37 ›› Issue (06): 1058-1063.

辅助检测Linux驱动中漏洞的符号驱动环境

范文良，茅俊杰，肖奇学，徐永健，杨维康，陈渝

（清华大学计算机科学与技术系，北京 100084）

收稿日期:2014-05-05 修回日期:2014-06-11 出版日期:2015-06-25 发布日期:2015-06-25
基金资助:
国家自然科学基金资助项目（61170050）；核高基重大专项基金资助项目（2012ZX01039004）

Symbolic driver environment:
a tool aided to detect Linux driver bugs

FAN Wenliang,MAO Junjie,XIAO Qixue,XU Yongjian,YANG Weikang,CHEN Yu

（Department of Computer Science and Technology,Tsinghua University,Beijing 100084,China）

Received:2014-05-05 Revised:2014-06-11 Online:2015-06-25 Published:2015-06-25

摘要/Abstract

摘要：

Linux系统中的驱动漏洞被证实是内核漏洞的主要来源，可以被利用导致严重的安全问题。通过系统模型、驱动与内核的交互和驱动与设备的交互这三部分的设计与实现，构建了符号驱动环境，用于辅助检测Linux驱动中的漏洞。使用符号驱动环境对两个真实的驱动进行检测，成功检测出了两个漏洞，证实了该工具的可行性。与SymDrive工具的性能相比，符号驱动环境执行速度快90%，覆盖率提高20%。

关键词: 驱动漏洞, 漏洞检测, 符号执行, 驱动环境

Abstract:

It has been proved that Linux driver bugs are the major bug source of the whole system, which can lead to serious security problems.A tool called symbolic driver environment (SDE) is designed to detect Linux driver bugs, which consists of the system model,the interactions between driver and kernel, and the interactions between driver and device.Using SDE, we detect two real Linux drivers, and find two bugs. The results prove that the tool is feasible, and the speed is 90% faster and the coverage is 20% larger compared with an existing tool called SymDrive.

Key words: driver bugs;detect bugs;symbolic execution;driver environment

范文良，茅俊杰，肖奇学，徐永健，杨维康，陈渝. 辅助检测Linux驱动中漏洞的符号驱动环境[J]. J4, 2015, 37(06): 1058-1063.

FAN Wenliang,MAO Junjie,XIAO Qixue,XU Yongjian,YANG Weikang,CHEN Yu. Symbolic driver environment:
a tool aided to detect Linux driver bugs [J]. J4, 2015, 37(06): 1058-1063.

[1]	陈英杰，陈振邦，董威. 基于性质制导符号执行的Linux驱动程序缺陷检测研究[J]. 计算机工程与科学, 2017, 39(04): 734-739.
[2]	蔡军，邹鹏，熊达鹏，何骏. 结合静态分析与动态符号执行的软件漏洞检测方法[J]. 计算机工程与科学, 2016, 38(12): 2536-2541.
[3]	徐永健1,2,王丹1,陈渝2,范文良2. 使用符号化驱动环境检测Linux设备驱动程序的漏洞[J]. J4, 2016, 38(02): 290-296.
[4]	代子营,毛晓光,马晓东,王瑞. 基于抽象符号表的内存模型[J]. J4, 2011, 33(6): 84-90.