Git Product home page Git Product logo

crix's Introduction

Crix: Detecting Missing-Check Bugs in OS Kernels

Missing a security check is a class of semantic bugs in software programs where erroneous execution states are not validated. Missing-check bugs are particularly common in OS kernels because they frequently interact with external untrusted user space and hardware, and carry out error-prone computation. Missing-check bugs may cause a variety of critical security consequences, including permission bypasses, out-of-bound accesses, and system crashes.

The tool, Crix, can quickly detect missing-check bugs in OS kernels. It evaluates whether any security checks are missing for critical variables, using an inter-procedural, semantic- and context-aware cross-checking. We have used Crix to find 278 new missing-check bugs in the Linux kernel. More details can be found in the paper shown at the bottom.

How to use Crix

Build LLVM

	$ cd llvm 
	$ ./build-llvm.sh 
	# The installed LLVM is of version 10.0.0

Build the Crix analyzer

	# Build the analysis pass of Crix 
	$ cd ../analyzer 
	$ make 
	# Now, you can find the executable, `kanalyzer`, in `build/lib/`

Prepare LLVM bitcode files of OS kernels

  • Replace error-code definition files of the Linux kernel with the ones in "encoded-errno"
  • The code should be compiled with the built LLVM
  • Compile the code with options: -O0 or -O2, -g, -fno-inline
  • Generate bitcode files

Run the Crix analyzer

	# To analyze a single bitcode file, say "test.bc", run:
	$ ./build/lib/kanalyzer -sc test.bc
	# To analyze a list of bitcode files, put the absolute paths of the bitcode files in a file, say "bc.list", then run:
	$ ./build/lib/kalalyzer -mc @bc.list

More details

@inproceedings{crix-security19,
  title        = {{Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences}},
  author       = {Kangjie Lu and Aditya Pakki and Qiushi Wu},
  booktitle    = {Proceedings of the 28th USENIX Security Symposium (Security)},
  month        = August,
  year         = 2019,
  address      = {Santa Clara, CA},
}

crix's People

Contributors

adityapakki avatar kengiter avatar qiushiwu avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.