Wang, P;
Krinke, J;
Lu, K;
Li, G;
Dodier-Lazaro, S;
(2017)
How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel.
In:
Proceedings of the 26th USENIX Security Symposium.
The Advanced Computing Systems Association: Vancouver, BC, Canada.
Preview |
Text
Dodier-Lazaro_sec17-wang.pdf - Published Version Download (474kB) | Preview |
Abstract
We present the first static approach that systematically detects potential double-fetch vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90 double fetches in the Linux kernel. 57 of these occur in drivers, which previous dynamic approaches were unable to detect without access to the corresponding hardware. We manually investigated the 90 occurrences, and inferred three typical scenarios in which double fetches occur. We discuss each of them in detail. We further developed a static analysis, based on the Coccinelle matching engine, that detects double-fetch situations which can cause kernel vulnerabilities. When applied to the Linux, FreeBSD, and Android kernels, our approach found six previously unknown double-fetch bugs, four of them in drivers, three of which are exploitable double-fetch vulnerabilities. All of the identified bugs and vulnerabilities have been confirmed and patched by maintainers. Our approach has been adopted by the Coccinelle team and is currently being integrated into the Linux kernel patch vetting. Based on our study, we also provide practical solutions for anticipating double-fetch bugs and vulnerabilities. We also provide a solution to automatically patch detected double-fetch bugs.
| Type: | Proceedings paper |
|---|---|
| Title: | How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel |
| Event: | 26th USENIX Security Symposium |
| Location: | Vancouver, BC, Canada |
| Dates: | 16 August 2017 - 18 August 2017 |
| ISBN-13: | 978-1-931971-40-9 |
| Open access status: | An open access version is available from UCL Discovery |
| Publisher version: | https://www.usenix.org/system/files/conference/use... |
| Language: | English |
| Additional information: | This version is the Version of Record. For information on re-use, please refer to the publisher’s terms and conditions. |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/1557280 |
Loading...
Loading...Loading...Loading...Archive Staff Only
 |
View Item |
