Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers

  主 讲 人:白家驹 清华大学计算机系 操作系统实验室

  报告时间:2019年5月23日(周二)上午 10:00 – 12:00


  报告摘要 (Abstract)

  In Linux device drivers, use-after-free (UAF) bugs can cause system crashes and serious security problems. According to our study of Linux kernel commits, nearly half of the driver commits fixing use-after-free bugs involve driver concurrency. Due to the non-determinism of concurrent execution, concurrency use-after-free bugs are often more difficult to reproduce and detect than sequential use-after-free bugs. In this talk, I will present a new static analysis approach named DCUAF, to effectively detect concurrency use-after-free bugs in Linux device drivers. DCUAF combines a local analysis analyzing the source code of each driver with a global analysis statistically analyzing the local results of all drivers, forming a local-global analysis, to extract the pairs of driver interface functions that may be concurrently executed. Then, with these pairs, DCUAF performs a summary-based lockset analysis to detect concurrency use-after-free bugs. DCUAF has been evaluated on the driver code in the Linux kernel, and found hundreds of real concurrency use-after-free bugs.

  主讲人简介 (Short Bio)

  白家驹博士是清华大学计算机系操作系统的博士后和助理研究员。他在2013年于西安电子科技大学获得学士学位,并在2018年于清华大学获得博士学位。他的博士毕业论文被评为清华大学优秀博士学位论文。他的主要研究方向为操作系统可靠性和内核程序分析,侧重利用动态分析和静态分析技术对操作系统源代码进行缺陷检测。他的研究工作发表在USENIX ATC、ASPLOS、CGO、JSS、IST等系统和软件分析领域的会议和期刊中,并且在Linux、FreeBSD和NetBSD等常用操作系统代码中发现了诸多真实的缺陷。