SaTC: CORE: Small: Checking Security Checks in OS Kernels

SaTC：核心：小：检查操作系统内核中的安全检查

• 批准号: 1931208
• 负责人: Kangjie Lu
• 金额: $ 50万
• 依托单位: University of Minnesota-Twin Cities
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1931208&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Checking; Security

Operating system (OS) kernels play a critical role in computer systems by virtually having complete control over the systems. OS kernels not only manage hardware and system resources, but also provide services and protection. Given these tasks, OS kernels have to process external untrusted inputs and perform complicated operations, both of which are error-prone. To avoid entering into erroneous states, OS kernels tend to enforce a large number of security checks---"if" and "switch" statements that are used to validate states. Unfortunately, security checks themselves are often buggy. In particular, a security check may be missing or incomplete, be placed in an improper location, target a wrong variable, etc. Buggy security checks often cause critical security impact because the intended validation for potential errors can be void. This project aims to systematically investigate security checks in OS kernels, to automatically identify security checks, and to develop a set of new techniques to detect the common classes of security-check bugs. This project is expected to effectively find a potentially large number of previously unknown security-check bugs in widely used OS kernels, and thus to significantly improve the security of computer systems with billions of users. The broader educational activities of this project include integrating research with outreach, organizing Capture The Flag competitions among universities and industries in Minnesota, and developing courses for training interdisciplinary and underrepresented students.The goal of this project is to systematically investigate security checks and effectively detect the common and critical security-check bugs in popular OS kernels, including the Linux kernel, the Android kernel, the FreeBSD kernel, Darwin-XNU (MacOS), and ReactOS (Windows-like). The project is comprised of two main research thrusts: (1) identifying security checks and (2) detecting security-check bugs. Both research thrusts are challenging because they require the understanding of code semantics and contexts, and even developer logic. Therefore, this project develops a set of semantic-and context-aware approaches. This project also enhances existing techniques such as fuzzing and symbolic execution to effectively and scalably detect security-check bugs. Multiple general techniques developed in this project, such as accurately finding indirect-call targets, identifying semantically-similar peer code paths, modeling OS-kernel boundary, would also advance future research on systems analysis and protection.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

操作系统（OS）内核通过虚拟地完全控制系统而在计算机系统中起关键作用。操作系统内核不仅管理硬件和系统资源，而且提供服务和保护。给定这些任务，操作系统内核必须处理外部不可信输入并执行复杂操作，这两者都容易出错。为了避免进入错误的状态，OS内核倾向于强制执行大量的安全检查-“if”和“switch”语句用于验证状态。 不幸的是，安全检查本身往往是错误的。 特别是，安全检查可能丢失或不完整，放置在不正确的位置，目标错误的变量等。错误的安全检查通常会导致严重的安全影响，因为对潜在错误的预期验证可能无效。 本计画旨在系统地研究操作系统内核中的安全检查，自动识别安全检查，并发展一套新的技术来侦测常见的安全检查错误。 该项目预计将有效地发现广泛使用的操作系统内核中潜在的大量以前未知的安全检查错误，从而显着提高具有数十亿用户的计算机系统的安全性。 该项目更广泛的教育活动包括将研究与推广相结合，在明尼苏达州的大学和行业中组织Capture The Flag比赛，以及开发培训跨学科和代表性不足的学生的课程。该项目的目标是系统地调查安全检查并有效地检测流行操作系统内核中常见和关键的安全检查错误，包括Linux内核，Android内核，FreeBSD内核、Darwin-XNU（MacOS）和ReactOS（类Windows）。该项目由两个主要研究方向组成：（1）识别安全检查和（2）检测安全检查错误。这两个研究方向都具有挑战性，因为它们需要理解代码语义和上下文，甚至开发人员逻辑。因此，本计画提出一套语意与情境感知的方法。该项目还增强了现有的技术，如模糊和符号执行，以有效和可扩展地检测安全检查错误。该项目开发的多项通用技术，如准确找到间接调用目标，识别语义相似的对等代码路径，建模操作系统内核边界，也将推动未来的系统分析和保护研究。该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Detecting Missed Security Operations Through Differential Checking of Object-based Similar Paths

• DOI: 10.1145/3460120.3485373
• 发表时间: 2021-11
• 期刊: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Dinghao Liu;Qiushi Wu;S. Ji;Kangjie Lu;Zhenguang Liu;Jianhai Chen;Qinming He

Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning

• DOI: 10.14722/ndss.2021.24416
• 发表时间: 2021
• 期刊: Proceedings 2021 Network and Distributed System Security Symposium
• 作者: Navid Emamdoost

Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection

• DOI: 10.14722/ndss.2022.24296
• 发表时间: 2022
• 期刊: Proceedings 2022 Network and Distributed System Security Symposium
• 作者: Zu-Ming Jiang;Jia-Ju Bai;Kangjie Lu;Shih-Min Hu

On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution

论PHP符号执行的自动内置函数建模的可行性

• DOI: 10.1145/3442381.3450002
• 发表时间: 2021
• 期刊: the 30th International World Wide Web Conference (WWW'21
• 作者: Li, Penghui;Meng, Wei;Lu, Kangjie;Luo, Changhua
• 通讯作者: Luo, Changhua

MPTEE: bringing flexible and efficient memory protection to Intel SGX

• DOI: 10.1145/3342195.3387536
• 发表时间: 2020-04
• 期刊: Proceedings of the Fifteenth European Conference on Computer Systems
• 作者: Wenjia Zhao;Kangjie Lu;Yong Qi;Saiyu Qi