awesome-concurrency-vulnerability-paper's Introduction

Awesome-Concurrency-Vulnerability-Paper

Papers on concurrency vulnerability analysis, including multithreaded programs, multi-tasking programs and interrupt driven programs.


Type 1. Multi-tasking programs, such as real-time operating systems

  • “Static Race Detection for RTOS Applications.” ArXiv abs/2010.02642 (2020): n. pag.

  • “Detecting All High-Level Dataraces in an RTOS Kernel.” VMCAI (2017).

  • “Data Races and Static Analysis for Interrupt-Driven Kernels.” ESOP (2019).

  • “Formal Verification of Datarace in Safety Critical ARINC653 compliant RTOS.” 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI) (2018): 1273-1279.

  • “Static analysis for detecting high-level races in RTOS kernels.” Formal Methods in System Design (2019): 1-28.


Type 2. Multithreaded programs, such as Linux, Windows

  • Chen, Hongxu et al. “MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs.” Usenix Security Symposium (2020): n. pag.

  • Aljaafari, Fatimah et al. “Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs.” ArXiv abs/2206.06043 (2022): n. pag.

  • Jiang, Zu-Ming et al. “Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection.” Proceedings 2022 Network and Distributed System Security Symposium (2022): n. pag. //Linux5.4

  • Wen, Cheng et al. “Controlled Concurrency Testing via Periodical Scheduling.” 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE) (2022): 474-486. //linux v4.16-rc3 to v4.18-rc3

  • “Analysis of Correct Synchronization of Operating System Components.” Programming and Computer Software 46 (2020): 712-730.

  • Yu, Kunpeng et al. “Detecting concurrency vulnerabilities based on partial orders of memory and thread events.” Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (2021): n. pag.

  • Sheng, Tianwei et al. “RACEZ: a lightweight and non-invasive race detection tool for production applications.” 2011 33rd International Conference on Software Engineering (ICSE) (2011): 401-410. //linux kernel version is 2.6.30 with perfmon2 kernel patch

  • Zhang, T. et al. “ProRace: Practical Data Race Detection for Production Use.” Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2017). //linux 4.5.0

  • Lee, Yoochan et al. “ExpRace: Exploiting Kernel Races through Raising Interrupts.” USENIX Security Symposium (2021).

  • Gong, Sishuai et al. “Snowboard: Finding Kernel Concurrency Bugs through Systematic Inter-thread Communication Analysis.” Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles (2021): n. pag. //Linux kernels 5.3.10 and 5.12-rc3

  • Engler, Dawson R. and Ken Ashcraft. “RacerX: effective, static detection of race conditions and deadlocks.” SOSP '03 (2003). // FreeBSD, Linux and a large commercial code.

  • Pratikakis, Polyvios et al. “LOCKSMITH: Practical static race detection for C.” ACM Trans. Program. Lang. Syst. 33 (2011): 3:1-3:55. //linux&POSIX

  • Pratikakis, Polyvios et al. “LOCKSMITH: context-sensitive correlation analysis for race detection.” PLDI '06 (2006). //linux 2.4.21

  • Kahlon, Vineet et al. “Fast and Accurate Static Data-Race Detection for Concurrent Programs.” CAV (2007). //linux device driver

  • Chen, Qiu-Liang et al. “Detecting Data Races Caused by Inconsistent Lock Protection in Device Drivers.” 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER) (2019): 366-376. // device drivers in linux 4.16.9

  • Bai, Jia-Ju et al. “Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers.” USENIX Annual Technical Conference (2019). //driver code of Linux 4.19

  • Bai, Jia-Ju et al. “DSAC: Effective Static Analysis of Sleep-in-Atomic-Context Bugs in Kernel Modules.” USENIX Annual Technical Conference (2018). //Linux kernel 3.17.2 and 4.11.1, FreeBSD 11.0 and NetBSD 7.1 kernels

  • Voung, Jan Wen et al. “RELAY: static race detection on millions of lines of code.” ESEC-FSE '07(2007). // linux kernel 2.6.15

  • Zeng, Qiang et al. “Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures.” PLDI '11 (2011). // linux 2.6.24

  • Jeong, Dae R. et al. “Razzer: Finding Kernel Race Bugs through Fuzzing.” 2019 IEEE Symposium on Security and Privacy (SP) (2019): 754-768. // Linux kernel from v4.16-rc3 to v4.18-rc3

  • Lochmann, Alexander et al. “LockDoc: Trace-Based Analysis of Locking in the Linux Kernel.” Proceedings of the Fourteenth EuroSys Conference 2019 (2019): n. pag. // linux 4.10

  • Serebryany, Kostya and Timur Iskhodzhanov. “ThreadSanitizer: data race detection in practice.” WBIA '09 (2009). // C/C++ programs on Linux and Mac

  • Xu, Meng et al. “Krace: Data Race Fuzzing for Kernel File Systems.” 2020 IEEE Symposium on Security and Privacy (SP) (2020): 1643-1660. // linux v5.4-rc5

  • Chen, Zhangyu et al. “Efficiently detecting concurrency bugs in persistent memory programs.” Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (2022): n. pag. // linux 5.4.0

  • Cai, Yuandao et al. “Canary: practical static detection of inter-thread value-flow bugs.” Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation (2021): n. pag.

  • Kahlon, Vineet et al. “Static data race detection for concurrent programs with asynchronous calls.” ESEC/FSE '09 (2009). // Linux, bzip2smp

  • Zhao, Shixiong et al. “OWL: Understanding and Detecting Concurrency Attacks.” 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)(2018): 219-230. // linux & Windows

  • Huang, Jeff. “Stateless model checking concurrent programs with maximal causality reduction.” Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation (2015): n. pag.

  • Deligiannis, Pantazis et al. “Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers (T).” 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2015): 166-177. // Linux 4.0 kernel

  • Vojdani, Vesal et al. “Static race detection for device drivers: The Goblint approach.” 2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE) (2016): 391-402. // linux 4.0

  • Fonseca, Pedro et al. “SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration.” OSDI (2014). // kernel

  • Pailoor, Shankara et al. “MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation.” USENIX Security Symposium (2018). // linux 4.13-rc7

  • Alglave, Jade et al. “Frightening Small Children and Disconcerting Grown-ups: Concurrency in the Linux Kernel.” Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems (2018): n. pag.

  • Veeraraghavan, Kaushik et al. “Detecting and surviving data races using complementary schedules.” Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles(2011): n. pag.

  • Bai, Jia-Ju et al. “DLOS: Effective Static Detection of Deadlocks in OS Kernels.” USENIX Annual Technical Conference (2022). // linux 5.10

  • Nagarakatte, Santosh et al. “Multicore acceleration of priority-based schedulers for concurrency bug detection.” Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation(PLDI) (2012): n. pag.

  • Yu, Tingting et al. “ConTesa: Directed Test Suite Augmentation for Concurrent Software.” IEEE Transactions on Software Engineering 46 (2020): 405-419.

  • Zhang, T. et al. “TxRace: Efficient Data Race Detection Using Commodity Hardware Transactional Memory.” Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems (2016): n. pag.

  • Samak, Malavika et al. “Synthesizing racy tests.” Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation (2015): n. pag.

  • Lu, Shan et al. “Learning from mistakes: a comprehensive study on real world concurrency bug characteristics.” ASPLOS (2008).

  • Raychev, Veselin et al. “Effective race detection for event-driven programs.” Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications (2013): n. pag.

  • Marino, Daniel et al. “LiteRace: effective sampling for lightweight data-race detection.” PLDI '09(2009). //Microsoft programs, Apache, and Firefox

  • Sen, Koushik. “Race directed random testing of concurrent programs.” PLDI '08 (2008). //java programs

  • Blackshear, Sam et al. “RacerD: compositional static race detection.” Proceedings of the ACM on Programming Languages 2 (2018): 1 - 28. // java

  • Bora, Utpal et al. “LLOV: A Fast Static Data-Race Checker for OpenMP Programs.” ACM Trans. Archit. Code Optim. 17 (2020): 35:1-35:26. // C/C++ or FORTRAN program

  • Park, Chang-Seo and Koushik Sen. “Randomized active atomicity violation detection in concurrent programs.” SIGSOFT '08/FSE-16 (2008). // java

  • Zhai, Ke et al. “CARISMA: a context-sensitive approach to race-condition sample-instance selection for multithreaded applications.” ISSTA 2012 (2012). //java programs

  • Huang, Jeff. “UFO: Predictive Concurrency Use-After-Free Detection.” 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE) (2018): 609-619.

  • Ahmad, Adil et al. “Kard: lightweight data race detection with per-thread memory protection.” Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (2021): n. pag. // application

  • Pavlogiannis, Andreas. “Fast, sound, and effectively complete dynamic race prediction.” Proceedings of the ACM on Programming Languages 4 (2020): 1 - 29. //java programs

  • Song, Young Wn and Yann-Hang Lee. “A Parallel FastTrack Data Race Detector on Multi-core Systems.” 2017 IEEE International Parallel and Distributed Processing Symposium (IPDPS)(2017): 387-396. //programs

  • Di, Peng and Yulei Sui. “Accelerating Dynamic Data Race Detection Using Static Thread Interference Analysis.” Proceedings of the 7th International Workshop on Programming Models and Applications for Multicores and Manycores (2016): n. pag.

  • Savage, Stefan et al. “Eraser: a dynamic data race detector for multi-threaded programs.” Proceedings of the sixteenth ACM symposium on Operating systems principles (1997): n. pag.

  • Liu, Changming et al. “A Heuristic Framework to Detect Concurrency Vulnerabilities.” Proceedings of the 34th Annual Computer Security Applications Conference (2018): n. pag.

  • Liu, Ziheng et al. “Who goes first? detecting go concurrency bugs via message reordering.” Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (2022).


Type 3. Interrupt-driven programs, such as bare-metal firmware

  • Kim, Taegyu et al. “PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications.” USENIX Security Symposium (2021).

  • Wang, Boxiang et al. “SpecChecker-ISA: a data sharing analyzer for interrupt-driven embedded software.” Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (2022): n. pag.

  • Kasikci, Baris et al. “RaceMob: crowdsourced data race detection.” Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles (2013): n. pag.

  • Wu, Xueguang et al. “Numerical static analysis of interrupt-driven programs via sequentialization.” 2015 International Conference on Embedded Software (EMSOFT) (2015): 55-64.

  • Wu, Xueguang et al. “Static Analysis of Runtime Errors in Interrupt-Driven Programs via Sequentialization.” ACM Transactions on Embedded Computing Systems (TECS) 15 (2016): 1 - 26.

  • Miné, Antoine. “Static Analysis of Embedded Real-Time Concurrent Software with Dynamic Priorities.” Electron. Notes Theor. Comput. Sci. 331 (2017): 3-39.

  • Du, Xiang et al. “Program Verification Enhanced Precise Analysis of Interrupt-Driven Program Vulnerabilities.” 2021 28th Asia-Pacific Software Engineering Conference (APSEC) (2021): 253-263.

  • Pan, Minxue et al. “Easy Modelling and Verification of Unpredictable and Preemptive Interrupt-Driven Systems.” 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)(2019): 212-222.

  • Feng, Haining. “A Program Verification based Approach to Find Data Race Vulnerabilities in Interrupt-driven Program.” 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2020): 1361-1363.

  • Feng, H. et al. “Rchecker: A CBMC-based Data Race Detector for Interrupt-driven Programs.” 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C) (2020).

  • Ding, Ranjie, Wenfeng Lin, Xiang Du and Liangze Yin. “Extend Rchecker for Accurate Analysis of Real Embedded Projects.” 2021 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C), 6-10 Dec. 2021, Hainan, China (2021): 256-261.
