| Studies have shown that driver vulnerabilities is one of the major threats to the security of Linux kernel. It contains many type of vulnerabilities, such as integer errors, memory errors, and API misuse, which might lead to privilege escalation, denial of service and other high-risk situations. However, general program analysis techniques can’t be applied directly to the Linux device driver’s analysis and vulnerability detection, detection method is also demanding. Therefore, study on vulnerabilities in Linux drivers, especially the memory errors, integer errors and other types of vulnerabilities, is important.First, the major error types in Linux drivers are analyzed, and second, static analysis, dynamic analysis and symbolic execution techniques are studied. Finally, the Linux driver bug detection idea which based on symbolic execution and combines static analysis and dynamic analysis technology are proposed. The main work is as follows:1. Aiming at the problem of high false positive rate in static analysis, we proposed the idea to use dynamic analysis to verify the static analysis results, and implements the corresponding detection system. Moreover, through the integration of symbolic hardware technology, it can conveniently be used to simulate hardware devices and dynamically run Linux drivers.2. Designed and implemented symbolic device driver environment(SDDE). SDDE provides symbolic kernel services and symbolic devices, making symbolic execution of Linux driver and runtime driver vulnerability detection possible. SDDE works without real hardware, and it has many advantages such as high coverage, high performance and good scalability.3. In applying SDDE to 6 Linux drivers, 6 real bugs were found, 3 of which were confirmed by Linux developers. Experimental results show that SDDE can detect vulnerability, and has the characteristics of low resource consumption, fast detection speed and does not depend on the hardware device. |
PDF Full Text Request