Research On Detecting Integer Overflow Bugs In Linux Driver

Posted on: 2015-01-01
Degree: Master
Type: Thesis
Country: China
Candidate: W L Fan
GTID: 2308330452969520
Subject: Computer Science and Technology

Abstract/Summary:
It has been proven that Linux driver bugs are the major source of bugs in the whole system. Security problems caused by driver bugs, such as kernel crashes, are becoming very serious. There are many kinds of driver bugs, among which integer overflow bugs have been a main threat. Because of observability problems and coverage problems, driver bugs are difficult to detect. All in all, the large number and variety of driver bugs, together with the difficulty of detecting them, make the detection of Linux driver bugs, especially integer overflow bugs, a worthwhile research topic.

The main work of this paper is as follows:

Firstly, we summarize the advantages and disadvantages of the existing methods used to detect driver bugs. Secondly, we analyze typical static analysis tools, dynamic analysis tools and symbolic execution tools, and give their advantages and disadvantages based on the experimental results. Thirdly, we implement a prototype system to detect integer overflow bugs in the Linux kernel and drivers, which combines the advantages of these analysis tools. Finally, another automatic and fast tool called Symbolic Driver Environment is implemented to avoid the shortcomings of the prototype system; it is also customizable and extensible.

We apply the prototype system and Symbolic Driver Environment to Linux drivers and find existing bugs or approved bugs. This proves that these tools are feasible. We also compare the performance of these tools with that of the older ones to show that the prototype system and Symbolic Driver Environment are more effective.

However, many aspects remain to be improved. The prototype system can be applied to the whole Linux kernel or to user programs. The scheduling strategy and the pruning strategy can be optimized to avoid path explosion. Moreover, Symbolic Driver Environment can support more drivers and more check rules, and so on.
Keywords/Search Tags: Linux driver bugs, detect bugs, integer overflow, driver environment, symbolic execution