SaTC: CORE: Small: Collaborative: Towards Facilitating Kernel Vulnerability Reproduction by Fusing Crowd and Machine Generated Data

SaTC：核心：小型：协作：通过融合人群和机器生成的数据来促进内核漏洞再现

• 批准号: 1955719
• 负责人: Gang Wang
• 金额: $ 17.5万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1955719&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Towards

The kernel is the core piece of software in a computer's operating system. Due to the high complexity of kernel software, finding all vulnerabilities during the development phase is nearly impossible. In recent years, crowdsourcing efforts have shown great success in discovering kernel vulnerabilities, where security professionals, hackers, and users can all contribute by submitting kernel bug reports. However, research shows that many vulnerability reports, including those generated by automated tools (e.g., kernel fuzzers), are not easily reproducible. Non-reproducible reports can cause significant delays to the patching process or lead kernel vendors to misjudge the severity of the vulnerability. Preliminary research shows vulnerability reports are not reproducible due to 1) missing information on the compilation configuration; (2) a lack of data to construct the contexts for triggering the bug; and (3) inaccurate or incomplete information about the vulnerable kernel versions. This project will develop new approaches combining crowd-reported and machine-generated data and static-dynamic program analysis to automate the process of inferring, constructing, and validating the needed information for kernel-vulnerability reproduction.This project will provide much-needed automation for reproducing kernel bugs and vulnerabilities. If successful, the project will significantly advance computer security (for kernel vulnerability analysis) and contribute to the field of software engineering (for bug diagnosis and assessment). By improving the reproduction rate of kernel bugs, this project will also help with other parallel efforts for vulnerability patching and remediation. The expected advancements are three-fold. (1) The team will develop novel inference methods to infer the kernel compilation configuration based on memory snapshots and code segments in the bug reports. It will design new approaches to handle the untrusted or corrupted memory dumps caused by the bugs. (2) Team members will develop new mechanisms to construct precise triggering contexts to trigger the reported bugs (via kernel fault manipulation and injection). The context construction method is also able to pinpoint relevant faulty processes and handle kernel interrupt correctly. (3) New fuzzing tools will be designed to migrate input programs to enable much broader bug testing across kernel versions, and new methods to quickly determine non-vulnerable versions.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

内核是计算机操作系统中软件的核心部分。由于内核软件的高度复杂性，在开发阶段找到所有漏洞几乎是不可能的。近年来，众包工作在发现内核漏洞方面取得了巨大成功，安全专业人员，黑客和用户都可以通过提交内核错误报告做出贡献。然而，研究表明，许多漏洞报告，包括由自动化工具（例如，核模糊器）不容易再现。不可复制的报告可能会导致修补过程的显著延迟，或导致内核供应商误判漏洞的严重性。初步研究表明，漏洞报告是不可复制的，原因是：（1）缺少有关编译配置的信息;（2）缺乏用于构建触发错误的上下文的数据;以及（3）有关易受攻击的内核版本的信息不准确或不完整。该项目将开发新的方法，将群众报告和机器生成的数据与静态-动态程序分析相结合，以自动化推断，构建和验证内核漏洞复制所需的信息。该项目将为复制内核错误和漏洞提供急需的自动化。如果成功，该项目将大大推进计算机安全（内核漏洞分析），并有助于软件工程领域（错误诊断和评估）。通过提高内核错误的再现率，该项目还将有助于其他并行的漏洞修补和修复工作。预期的进步有三倍。(1)该团队将开发新的推理方法，根据内存快照和错误报告中的代码段来推断内核编译配置。它将设计新的方法来处理由错误引起的不可信或损坏的内存转储。(2)团队成员将开发新的机制来构建精确的触发上下文，以触发报告的错误（通过内核故障操作和注入）。上下文构造方法还能准确定位相关的故障进程，并正确处理内核中断。(3)新的模糊测试工具将被设计用于移植输入程序，以实现跨内核版本的更广泛的错误测试，以及快速确定非易受攻击版本的新方法。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Everybody’s Got ML, Tell Me What Else You Have: Practitioners’ Perception of ML-Based Security Tools and Explanations

• DOI: 10.1109/sp46215.2023.10179321
• 发表时间: 2023-05
• 期刊: 2023 IEEE Symposium on Security and Privacy (SP)
• 作者: Jaron Mink;Hadjer Benkraouda;Limin Yang;A. Ciptadi;Aliakbar Ahmadzadeh;Daniel Votipka;Gang Wang

Is It Overkill? Analyzing Feature-Space Concept Drift in Malware Detectors

• DOI: 10.1109/spw59333.2023.00007
• 发表时间: 2023-05
• 期刊: 2023 IEEE Security and Privacy Workshops (SPW)
• 作者: Zhi Chen;Zhenning Zhang;Zeliang Kan;Limin Yang;Jacopo Cortellazzi;Feargus Pendlebury;Fabio Pierazzi;L. Cavallaro;Gang Wang

An In-depth Analysis of Duplicated Linux Kernel Bug Reports

• DOI: 10.14722/ndss.2022.24159
• 发表时间: 2022
• 期刊: Proceedings 2022 Network and Distributed System Security Symposium
• 作者: Dongliang Mu;Yuhang Wu;Yueqi Chen;Zhenpeng Lin;Chensheng Yu;Xinyu Xing;Gang Wang