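Abstract:
Security checks are the most common security hardening mechanism in operating systems and an important cornerstone of vulnerability detection. Detecting security checks necessarily involves exception handling functions; starting from the detection of exception handling functions, this paper implements a security check detection method based on them. The paper proposes a semantic-aware security check detection method (Sased), which statically analyzes the function control flow of the Linux system using an exception handling function detection method based on natural semantics and program semantics. Sased can also retrospectively filter exception handling functions and security checks to reduce its false-positive rate. In experiments, Sased reported 795 exception handling functions and 41519 security checks, both with a detection accuracy above 90%. Of these, 208 exception handling functions had never been found in previous work. In addition, by combining existing vulnerability detection methods, we found 9 new vulnerabilities in the Linux kernel. The experiments show that Sased can detect exception handling functions and security checks in an OS very efficiently, thereby providing a useful reference for operating system vulnerability detection.
Keywords: exception handling; security check; system security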
DOI: 10.19363/J.cnki.cn10-1380/tn.2020.09.02
Received: November 30, 2019; Revised: February 17, 2020
Semantic-aware Security Check Detection Method
FANG Yutong, LIU Hongyi, LI Jingwei, WEN Weiping
School of Software and Microelectronics, Peking University, Beijing 102600, China
Abstract:
Security checks are the most common security enhancement method in operating systems and an essential cornerstone of vulnerability detection. Detecting security checks necessarily relies on exception handling functions. This paper starts from the detection of exception handling functions and implements a security check detection method based on them. It proposes a Semantic-aware Security Check Detection Method (Sased), which performs static analysis on the function control flow of the Linux system via an exception handling function detection method based on natural and program semantics. Sased can also retrospectively filter exception handling functions and security checks to reduce its false-positive rate. In experiments, Sased reports a total of 795 exception handling functions and 41519 security checks, both with a detection accuracy of more than 90%. Among them, 208 exception handling functions have never been found in previous work. In addition, by combining Sased with existing vulnerability detection methods, we found 9 new vulnerabilities in the Linux kernel. The experiments show that Sased can detect exception handling functions and security checks in the OS very efficiently, thus providing a useful reference for operating system vulnerability detection.
Key words: exception handling; security check; system security