Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers

  Speaker: 白家驹 (Jiaju Bai), Operating Systems Laboratory, Department of Computer Science, Tsinghua University

  Time: May 23, 2019 (Tuesday), 10:00 – 12:00 AM

  Venue: Conference Room 1048

  Abstract

  In Linux device drivers, use-after-free (UAF) bugs can cause system crashes and serious security problems. According to our study of Linux kernel commits, nearly half of the driver commits fixing use-after-free bugs involve driver concurrency. Due to the non-determinism of concurrent execution, concurrency use-after-free bugs are often more difficult to reproduce and detect than sequential use-after-free bugs. In this talk, I will present a new static analysis approach named DCUAF that effectively detects concurrency use-after-free bugs in Linux device drivers. DCUAF combines a local analysis, which analyzes the source code of each driver, with a global analysis, which statistically analyzes the local results of all drivers, forming a local-global analysis that extracts the pairs of driver interface functions that may be executed concurrently. Then, with these pairs, DCUAF performs a summary-based lockset analysis to detect concurrency use-after-free bugs. DCUAF has been evaluated on the driver code in the Linux kernel and found hundreds of real concurrency use-after-free bugs.
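  A toy model of the two steps the abstract describes (a global vote over per-driver local results, then a lockset check over per-function summaries), added here as an illustration and not DCUAF's own code; the driver names, interface functions, summaries and the min_support threshold are constructed assumptions:

```python
from collections import Counter
from itertools import product

# Constructed local results (not DCUAF output): per driver, the interface-function
# pairs that the local analysis believes may execute concurrently.
LOCAL_PAIRS = {
    "drvA": {("remove", "irq_handler"), ("remove", "work_fn")},
    "drvB": {("remove", "irq_handler"), ("probe", "irq_handler")},
    "drvC": {("remove", "irq_handler"), ("remove", "work_fn")},
}

def global_concurrent_pairs(local_pairs, min_support=2):
    """Global step: keep a pair only if at least min_support drivers report it,
    so that one driver's unusual local result does not become a global rule."""
    counts = Counter(p for pairs in local_pairs.values() for p in pairs)
    return {p for p, n in counts.items() if n >= min_support}

# Constructed per-function summaries: (kind, object, locks held at the access).
BUGGY = {
    "remove":      [("free", "dev->buf", frozenset())],
    "irq_handler": [("use",  "dev->buf", frozenset({"dev->lock"}))],
    "work_fn":     [("use",  "dev->buf", frozenset({"dev->lock"}))],
}
# Same driver after the fix modelled here: the free also happens under dev->lock,
# so the two accesses share a lock and the lockset rule no longer reports them.
FIXED = dict(BUGGY, remove=[("free", "dev->buf", frozenset({"dev->lock"}))])

def find_concurrent_uaf(pairs, summaries):
    """Lockset rule: report (freeing fn, using fn, object) when the two functions
    may run concurrently and the free and the use hold no lock in common."""
    reports = set()
    for f, g in pairs:
        for a, b in ((f, g), (g, f)):            # either side may be the freer
            for (k1, o1, l1), (k2, o2, l2) in product(summaries.get(a, []),
                                                        summaries.get(b, [])):
                if k1 == "free" and k2 == "use" and o1 == o2 and not (l1 & l2):
                    reports.add((a, b, o1))
    return sorted(reports)

if __name__ == "__main__":
    pairs = global_concurrent_pairs(LOCAL_PAIRS)
    print("concurrent pairs:", sorted(pairs))
    print("buggy:", find_concurrent_uaf(pairs, BUGGY))
    print("fixed:", find_concurrent_uaf(pairs, FIXED))
```

  A common lock is what the lockset rule accepts as safe; a real driver fix must also guarantee the using function cannot run at all after the object is freed (for example by unregistering the handler before the free), which this model does not capture.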

  Short Bio

  Dr. 白家驹 (Jiaju Bai) is a postdoctoral fellow and assistant researcher in operating systems in the Department of Computer Science, Tsinghua University. He received his bachelor's degree from Xidian University in 2013 and his Ph.D. from Tsinghua University in 2018. His doctoral dissertation was selected as an Outstanding Doctoral Dissertation of Tsinghua University. His main research interests are operating system reliability and kernel program analysis, with a focus on using dynamic and static analysis techniques to detect defects in operating system source code. His research has been published in systems and software analysis conferences and journals including USENIX ATC, ASPLOS, CGO, JSS and IST, and has found numerous real defects in widely used operating systems such as Linux, FreeBSD and NetBSD.