本文已被:浏览 1171次 下载 1897次
Received:March 16, 2019 Revised:April 17, 2019
Received:March 16, 2019 Revised:April 17, 2019
中文摘要: 由于Linux系统的设备驱动工作在内核模式中,在这种特定的工作场景下,由设备驱动引发的漏洞问题极易影响操作系统的稳定性和安全性.当前在各类设备驱动漏洞中所占比例较高的当属资源操作类漏洞,针对这种情况,我们提出了一种基于配对函数调用场景的设备驱动漏洞检测方法.首先引入配对函数的概念,据此对特定的驱动程序做配对函数的自动提取与优化;随后结合手工分析结果构建配对函数在资源申请与释放过程中的执行路径;最后基于相应的函数调用场景进行配对检查,检测并验证设备驱动程序中内存资源的申请和释放是否为完全层次性匹配.为验证该方法的有效性,实验分别选取不同的设备驱动应用该漏洞检测方法,记录相应的漏报率、误报率及覆盖度.实验结果表明,该设备驱动漏洞检测方法精确率较高,检测速度快.并且该方法不依赖于实时编译以及硬件设备等条件.
Abstract:Since the device drivers of Linux work in the kernel mode, in this specific work scenario, the vulnerability caused by the device drivers can easily affect the stability and security of the operating system. At present, the most proportion of various types of device drivers' vulnerabilities is resource operation vulnerability. In this case, a vulnerability device detection method of device drivers based on pair functions' calling context is proposed. Firstly, we introduced the concept of pair function, according to which the automatic extraction and optimization of the pair function were performed for the specific drivers. Then the execution path of the pair function in the resource request and release process was recorded based on manual analysis results. Finally, the pair function was combined with the corresponding calling context scenario to verify whether the application and release of memory resources in the device driver matched in the hierarchy exactly. In order to verify the effectiveness of this method, vulnerability detection method was applied to different drivers in the experiment, and the corresponding false negative, false positive, and coverage were recorded. The experimental results show that the device drivers' vulnerability detection method has higher accuracy and faster detection speed, and the method does not depend on conditions such as real-time compilation and hardware devices.
文章编号: 中图分类号: 文献标志码:
基金项目:国家重点研发计划(2016YFF0204002);教育部产学合作协同育人项目(201702025004)
引用文本:
王佳,翟高寿,刘峰,李红辉.基于配对函数调用场景的设备驱动漏洞检测.计算机系统应用,2019,28(10):35-44
WANG Jia,ZHAI Gao-Shou,LIU Feng,LI Hong-Hui.Vulnerability Detection of Device Drivers Based on Pair Functions’ Calling Context.COMPUTER SYSTEMS APPLICATIONS,2019,28(10):35-44
王佳,翟高寿,刘峰,李红辉.基于配对函数调用场景的设备驱动漏洞检测.计算机系统应用,2019,28(10):35-44
WANG Jia,ZHAI Gao-Shou,LIU Feng,LI Hong-Hui.Vulnerability Detection of Device Drivers Based on Pair Functions’ Calling Context.COMPUTER SYSTEMS APPLICATIONS,2019,28(10):35-44