UBITect: A Precise and Scalable Method to Detect Use-before-Initialization Bugs in Linux Kernel
Use-before-Initialization (UBI) bugs in the Linux kernel have serious security impacts, such as information leakage and privilege escalation. Developers are adopting forced initialization to cope with UBI bugs, but this approach can still lead to undefined behavior (e.g., a NULL pointer dereference when a pointer is forcibly set to NULL and later dereferenced on an unchecked path). As it is hard to infer correct initialization values, we believe that the best way to mitigate UBI bugs is detection and manual patching. Precise detection of UBI bugs requires path-sensitive analysis: the detector needs to track a variable's initialization status along all possible program execution paths from its definition to its uses. However, such exhaustive analysis prevents the detection from scaling to the whole Linux kernel. This paper presents UBITect, a UBI bug finding tool that combines flow-sensitive type qualifier analysis and symbolic execution to perform precise and scalable UBI bug detection. The scalable qualifier analysis guides symbolic execution toward the variables that are likely to cause UBI bugs. UBITect also requires no manual annotation effort and can therefore be applied directly to the kernel without any source code or intermediate representation (IR) changes. On Linux kernel version 4.14, UBITect reported 190 bugs, 78 of which we deemed true positives and 52 of which were confirmed by Linux maintainers.
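As an added illustration, not code from the paper or from UBITect, the user-space C below models the bug pattern the abstract describes: a helper that initialises its out-parameter only on success, a caller that ignores the helper's return value (the UBI information leak), the "forced initialisation" variant that trades the uninitialised read for a NULL dereference on the same unchecked path, and the fix that checks the error before every use. The record table, the names lookup_record and query_*, and the use of memcpy() in place of copy_to_user() are all constructed assumptions so the example compiles and runs outside the kernel.

```c
/* Constructed UBI example (not from the paper). lookup_record() stands in
 * for a kernel helper that initialises its out-parameter only on success;
 * memcpy() stands in for copy_to_user(). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct record     { uint32_t id; uint32_t flags; };
struct user_reply { uint32_t id; uint32_t flags; };

/* Constructed in-"kernel" table; id 0 is deliberately absent. */
static struct record table[] = { { 1, 0x11 }, { 2, 0x22 } };

/* On success writes *out and returns 0; on failure returns -ENOENT and
 * leaves *out untouched. A caller that ignores the return value therefore
 * has a use-before-initialization bug on the failure path. */
static int lookup_record(uint32_t id, struct record **out)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (table[i].id == id) {
            *out = &table[i];
            return 0;
        }
    }
    return -ENOENT;
}

/* Variant 1, UBI information leak: reply.flags is written only when the
 * lookup succeeds, but the whole struct is copied out on every path, so on
 * failure stale stack bytes reach user space and the call still reports 0. */
static int query_ubi(uint32_t id, struct user_reply *ubuf)
{
    struct user_reply reply;
    struct record *rec;

    reply.id = id;
    if (lookup_record(id, &rec) == 0)
        reply.flags = rec->flags;
    memcpy(ubuf, &reply, sizeof reply);       /* copy_to_user() stand-in */
    return 0;
}

/* Variant 2, forced initialisation: zeroing 'rec' removes the read of an
 * indeterminate pointer, but the missing return-value check remains, so
 * the failure path now dereferences NULL instead. Only call this with an
 * id that is present in the table; on an absent id it crashes. */
static int query_forced_init(uint32_t id, struct user_reply *ubuf)
{
    struct user_reply reply = { 0 };
    struct record *rec = NULL;

    reply.id = id;
    lookup_record(id, &rec);
    reply.flags = rec->flags;                  /* NULL dereference on failure */
    memcpy(ubuf, &reply, sizeof reply);
    return 0;
}

/* Variant 3, the fix: propagate the helper's error so every path that
 * reaches the use has initialised 'rec', and never copy a partially
 * initialised struct to user space. */
static int query_fixed(uint32_t id, struct user_reply *ubuf)
{
    struct user_reply reply;
    struct record *rec;
    int err = lookup_record(id, &rec);

    if (err)
        return err;                            /* ubuf left untouched */
    reply.id = id;
    reply.flags = rec->flags;
    memcpy(ubuf, &reply, sizeof reply);
    return 0;
}

/* Scratch "user" buffer, poisoned with 0xAA before each call so an
 * untouched field is easy to recognise. */
static struct user_reply probe;

static int probe_call(int (*handler)(uint32_t, struct user_reply *), uint32_t id)
{
    memset(&probe, 0xAA, sizeof probe);
    return handler(id, &probe);
}

int main(void)
{
    int rc = probe_call(query_ubi, 0);
    printf("ubi:   rc=%d flags=%#x (stale stack bytes, value not reliable)\n",
           rc, probe.flags);
    rc = probe_call(query_fixed, 0);
    printf("fixed: rc=%d flags=%#x (buffer untouched)\n", rc, probe.flags);
    rc = probe_call(query_fixed, 2);
    printf("fixed: rc=%d flags=%#x\n", rc, probe.flags);
    return 0;
}
```

The flags value printed by the UBI variant on the failure path is whatever the stack held, which is exactly what a path-sensitive detector has to reason about: the use in memcpy() is reachable along the error path of lookup_record() with reply.flags still uninitialised, while the same use is safe along the success path.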
Fri 13 Nov (times in UTC, Coordinated Universal Time)

01:00 - 01:02 Talk: ARDiff: Scaling Program Equivalence Checking via Iterative Abstraction and Refinement of Common Code (Research Papers). Sahar Badihi (University of British Columbia, Canada), Faridah Akinotcho (University of British Columbia, Canada), Yi Li (Nanyang Technological University, Singapore), Julia Rubin (University of British Columbia, Canada)

01:03 - 01:04 Talk: Java Ranger: Statically Summarizing Regions for Efficient Symbolic Execution of Java (Research Papers). Vaibhav Sharma (University of Minnesota, USA), Soha Hussein (University of Minnesota, USA / Ain Shams University, Egypt), Michael Whalen (University of Minnesota, USA), Stephen McCamant (University of Minnesota, USA), Willem Visser (Stellenbosch University, South Africa)

01:05 - 01:06 Talk: PCA: Memory Leak Detection using Partial Call-Path Analysis (Tool Demos). Wen Li (Washington State University, USA), Haipeng Cai (Washington State University, USA), Yulei Sui (University of Technology Sydney), David Manz (Pacific Northwest National Laboratory, USA)

01:07 - 01:08 Talk: SWAN: A Static Analysis Framework for Swift (Tool Demos). Daniil Tiganov (University of Alberta, Canada), Jeff Cho (University of Alberta), Karim Ali (University of Alberta), Julian Dolby (IBM Research, USA)

01:09 - 01:10 Talk: UBITect: A Precise and Scalable Method to Detect Use-before-Initialization Bugs in Linux Kernel (Research Papers). Yizhuo Zhai, Yu Hao, Hang Zhang, Daimeng Wang, Chengyu Song, Zhiyun Qian, Mohsen Lesani, Srikanth V. Krishnamurthy (all University of California at Riverside, USA), Paul Yu (U.S. Army Research Laboratory, USA)

01:11 - 01:30 Talk: Conversations on Static Analysis (Paper Presentations). Daniil Tiganov (University of Alberta, Canada), Haipeng Cai (Washington State University, USA), Sahar Badihi (University of British Columbia, Canada), Yizhuo Zhai (University of California at Riverside, USA). Moderator: Paul Gazzillo (University of Central Florida)