Cite this article:
- TU Xuwen, WANG Xiaofeng, GAN Shuitao, CHEN Aiguo. Diskaller: Kernel Vulnerability Parallel Mining Model Based on Coverage Guidance [J]. Journal of Cyber Security, 2019, 4(2): 69-82
Abstract (translated from the Chinese):
The kernel is the core of an operating system; it provides the basic runtime environment that the system's programs depend on, such as process scheduling, memory management, file systems, device drivers, and network communication. Vulnerabilities in the operating system kernel can expose a computer system to denial-of-service, information-leakage, and super-user privilege-escalation attacks, so kernel vulnerability discovery has long been a research hotspot in network security. Building on existing work, this paper proposes a coverage-guided parallel fuzzing model for kernel vulnerability discovery. The model is guided by code coverage and uses a star topology of computing nodes and a control node as its parallel structure: each computing node continuously tests the kernel guided by code coverage, while the control node collects coverage from the computing nodes and exchanges it among them. This removes the traditional testing model's bottlenecks of computing-resource requirements and data races, greatly raises code coverage and test throughput, and speeds up vulnerability discovery. To validate the model's practicality and effectiveness, Diskaller is compared with Syzkaller and Triforce. Under certain conditions, Diskaller achieves 12.8% higher coverage and a 229% higher execution rate than Syzkaller, and 335% higher coverage and a 450% higher execution rate than Triforce, and it found two previously unknown vulnerabilities in the Linux kernel.
Keywords: distributed; fuzzing; kernel testing; vulnerability discovery; operating system kernel
DOI: 10.19363/J.cnki.cn10-1380/tn.2019.03.07
Received: 2018-04-18; Revised: 2018-05-27
Funding: National Key R&D Program of China (No. 2016YFB0800803); National Natural Science Foundation of China (No. 61672264).

Diskaller: Kernel Vulnerability Parallel Mining Model Based on Coverage Guidance
TU Xuwen (1), WANG Xiaofeng (1), GAN Shuitao (2), CHEN Aiguo (1)

(1. School of Internet of Things Engineering, Jiangnan University, Wuxi, Jiangsu 214122, China; 2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Wuxi, Jiangsu 214083, China)
Abstract:
The kernel is the core of the operating system. It builds the basic environment that the operating system needs when running programs, such as process scheduling, memory management, file systems, device drivers, and network communication. Kernel vulnerabilities may expose computer systems to denial of service, information leakage, super-user privilege escalation, and other attacks; therefore, kernel vulnerability mining has always been a research hotspot in the field of network security. Based on existing research, this paper proposes a coverage-guided parallel mining model for kernel vulnerabilities. The model is driven by code coverage and uses a star topology of computing nodes and a control node as its parallel structure: each computing node continuously tests the system kernel guided by code coverage, and the control node handles the exchange of code coverage between computing nodes. This breaks through the traditional model's bottleneck of computing-resource requirements, greatly improves code coverage and testing speed, and accelerates vulnerability discovery. To verify the practicability and effectiveness of the model, Diskaller is compared with Syzkaller and Triforce. Under certain conditions, Diskaller's coverage is 12.8% higher than Syzkaller's and 335% higher than Triforce's, and its execution speed is 229% higher than Syzkaller's and 450% higher than Triforce's. Two previously undiscovered vulnerabilities in the Linux kernel were found with this method.
Key words: distributed fuzzing; kernel vulnerabilities; vulnerability discovery; operating system kernel