Fri 13 Nov 2020 01:09 - 01:10 at Virtual room 2 - Static Analysis

Use-before-Initialization (UBI) bugs in the Linux kernel have serious security impacts, such as information leakage and privilege escalation. Developers are adopting forced initialization to cope with UBI bugs, but this approach can still lead to undefined behaviors (e.g., NULL pointer dereference). As it is hard to infer correct initialization values, we believe that the best way to mitigate UBI bugs is detection and manual patching. Precise detection of UBI bugs requires path-sensitive analysis: the detector needs to track an associated variable's initialization status along all the possible program execution paths to its uses. However, such exhaustive analysis prevents the detection from scaling to the whole Linux kernel. This paper presents UBITect, a UBI bug finding tool which combines flow-sensitive type qualifier analysis and symbolic execution to perform precise and scalable UBI bug detection. The scalable qualifier analysis guides symbolic execution to analyze variables that are likely to cause UBI bugs. UBITect also does not require manual effort for annotations, and hence it can be directly applied to the kernel without any source code or intermediate representation (IR) change. On the Linux kernel version 4.14, UBITect reported 190 bugs, among which 78 bugs were deemed by us as true positives and 52 were confirmed by Linux maintainers.
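The bug pattern the abstract describes, as an added example written for this page (not code from the paper or from the Linux kernel): a callee that writes its output parameter only on the success path, a caller with the UBI bug, the forced-initialization variant that turns the bug into a NULL pointer dereference on the same path, and the path-sensitive fix. `struct dev_cfg` and `lookup_cfg` are constructed stand-ins for the kernel idiom.

```c
#include <stddef.h>

struct dev_cfg { int speed; };

/* Constructed stand-in for a common kernel idiom: the output parameter is
 * written only on the success path; on the error path *out is untouched.
 * noinline keeps the compiler from proving anything about the callee. */
__attribute__((noinline))
int lookup_cfg(int id, struct dev_cfg **out)
{
	static struct dev_cfg table[] = { { 100 }, { 200 } };
	if (id < 0 || id > 1)
		return -1;
	*out = &table[id];
	return 0;
}

/* UBI bug: the status is ignored, so on the error path cfg holds whatever
 * was left on the stack (undefined behaviour; only id 0 and 1 are safe). */
int read_speed_ubi(int id)
{
	struct dev_cfg *cfg;
	lookup_cfg(id, &cfg);
	return cfg->speed;
}

/* "Forced initialization": the stack value is now deterministic, but the
 * error path still dereferences NULL, the undefined behaviour the abstract
 * warns about. A path-sensitive detector flags both versions. */
int read_speed_forced(int id)
{
	struct dev_cfg *cfg = NULL;
	lookup_cfg(id, &cfg);
	return cfg->speed;
}

/* Manual patch: cfg is used only on the path where it was initialized. */
int read_speed_fixed(int id)
{
	struct dev_cfg *cfg;
	int ret = lookup_cfg(id, &cfg);
	if (ret)
		return ret;
	return cfg->speed;
}
```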

Fri 13 Nov (displayed time zone: UTC, Coordinated Universal Time)

Session 01:00 - 01:30

01:00 (2m) Talk, Research Papers: ARDiff: Scaling Program Equivalence Checking via Iterative Abstraction and Refinement of Common Code. Sahar Badihi (University of British Columbia, Canada), Faridah Akinotcho (University of British Columbia, Canada), Yi Li (Nanyang Technological University, Singapore), Julia Rubin (University of British Columbia, Canada). DOI, Pre-print.

01:03 (1m) Talk, Research Papers: Java Ranger: Statically Summarizing Regions for Efficient Symbolic Execution of Java. Vaibhav Sharma (University of Minnesota, USA), Soha Hussein (University of Minnesota, USA / Ain Shams University, Egypt), Michael Whalen (University of Minnesota, USA), Stephen McCamant (University of Minnesota, USA), Willem Visser (Stellenbosch University, South Africa). DOI.

01:05 (1m) Talk, Tool Demos: PCA: Memory Leak Detection using Partial Call-Path Analysis. Wen Li, Haipeng Cai (Washington State University, USA), Yulei Sui (University of Technology Sydney), David Manz (Pacific Northwest National Laboratory, USA). DOI.

01:07 (1m) Talk, Tool Demos: SWAN: A Static Analysis Framework for Swift. Daniil Tiganov (University of Alberta, Canada), Jeff Cho (University of Alberta), Karim Ali (University of Alberta), Julian Dolby (IBM Research, USA). DOI.

01:09 (1m) Talk, Research Papers: UBITect: A Precise and Scalable Method to Detect Use-before-Initialization Bugs in Linux Kernel. Yizhuo Zhai, Yu Hao, Hang Zhang, Daimeng Wang, Chengyu Song, Zhiyun Qian, Mohsen Lesani, Srikanth V. Krishnamurthy (all University of California at Riverside, USA), Paul Yu (U.S. Army Research Laboratory, USA). DOI.

01:11 (19m) Talk, Paper Presentations: Conversations on Static Analysis. Daniil Tiganov (University of Alberta, Canada), Haipeng Cai (Washington State University, USA), Sahar Badihi (University of British Columbia, Canada), Yizhuo Zhai (University of California at Riverside, USA), M: Paul Gazzillo (University of Central Florida).