使用符号化驱动环境检测Linux设备驱动程序的漏洞

研究表明,驱动程序的漏洞是造成Linux系统安全问题的主要原因之一,可引发提权、拒绝服务等高危情况。针对无具体设备的情况下,无法对驱动程序进行运行时漏洞检测的问题,提出了对驱动程序进行符号化执行的思路,提出了一种基于符号执行技术实现的驱动程序模拟环境,可以用于分析和检测Linux设备驱动程序中存在的安全漏洞。该环境通过模拟内核提供给驱动程序的服务接口,使驱动程序可以在应用层进行符号执行进而可对其进行漏洞检测。同时,该环境无需真实硬件的支持,并且具备覆盖率高、执行速度快、易于扩展等特点。通过将该环境作用于6个不同的Linux设备驱动,检测出了6个真实的漏洞,其中三个漏洞已向驱动维护者提交补丁并被接受。实验结果表明,符号化驱动环境具备一定的漏洞检测能力,并且拥有资源消耗低、检测速度快和不依赖于硬件设备的特点。

Symbolic device driver environment for detecting bugs in Linux device driver

Studies have shown that driver vulnerability is one of the main causes of Linux security issues, which can lead to privilege escalation, denial of service and other high risk situations. Considering the difficulty of driver vulnerability detection without real devices, this paper proposes symbolic execution of Linux drivers and implements the symbolic device driver environment (SDDE ), which can detect bugs in Linux device driver. The SDDE provides symbolic kernel services and symbolic devices, making symbolic execution of Linux driver and runtime driver vulnerability detection possible. The SDDE works without real hardware, and has high coverage, high performance and good scalability. The SDDE is applied to 6 Linux drivers, and we found six real bugs, three of which are confirmed by Linux developers.