Cite this article:
Zhang Dongsheng, Guo Qingli, Zhao Beibei, Gong Xiaorui. Characterizing and Detecting the File Permission Bugs in Distributed Systems[J]. Journal of Cyber Security, accepted.
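Abstract:
Files are the most commonly used storage medium while a system is running. Because files contain sensitive information, system software usually needs to set strict permissions on them. In a distributed system, however, components started by different users may access the same file, and developers can make mistakes when setting a file's permissions, accessing user, or path, which leads to file permission bugs. File permission bugs can do serious harm to a distributed system, such as failed user requests and leakage of sensitive information, and in severe cases can bring down the cluster. This paper studies file permission bugs in distributed systems. We collected 130 file permission bugs from 15 widely used distributed systems and identified five factors that cause them: wrong user, wrong path, strict permission, loose permission, and ambiguous permission. Through detailed bug analysis, we systematically studied the root causes and impact of file permission bugs. We found that ambiguous-permission bugs account for the largest share of file permission bugs and have a broad impact, causing both resource inaccessibility and resource leakage. Based on the characteristics of file permission bugs, we therefore designed a targeted detection method and developed MFPChecker (Missing File Permission Checker), a static detection tool for ambiguous file permissions. MFPChecker effectively detects bugs in which file permissions are not explicitly set. Experiments on 10 systems show that MFPChecker detects 73.9% (17/23) of the old bugs and also detects 769 new bugs, with a false positive rate of only 5.7%. Of these, 14 bugs have been confirmed by the open-source community and 7 have been fixed by patches we submitted; the way these bugs were fixed was accepted by the developers.
Keywords: file permission; bugs; distributed systems
DOI: 10.19363/J.cnki.cn10-1380/tn.2024.08.21
Submitted: 2022-09-15; Revised: 2023-01-10
Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (No. Y9W0014116)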
Characterizing and Detecting the File Permission Bugs in Distributed Systems
Zhang Dongsheng, Guo Qingli, Zhao Beibei, Gong Xiaorui
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Files are the most commonly used storage carrier during the operation of a system. Because files contain sensitive information, system software usually needs to set strict permissions for them. However, in a distributed system, components launched by different users may access the same file. Developers may make mistakes in setting the file permission, visitor, and path, resulting in file permission bugs. File permission bugs can cause serious damage to distributed systems, such as failed user requests, leakage of sensitive information, or even cluster downtime. In this paper, we focus on file permission bugs in distributed systems and collect 130 file permission bugs from 15 widely used distributed systems. The five factors that lead to file permission bugs are summarized as wrong user, wrong path, strict permission, loose permission, and ambiguous permission. The root causes and effects of file permission bugs are systematically studied through detailed bug analysis. We find that ambiguous permissions account for the largest proportion of file permission bugs and have a broad impact. Ambiguous permissions can lead not only to resource inaccessibility caused by strict permission, but also to resource leakage caused by loose permission. Therefore, we design a targeted detection method based on the characteristics of file permission bugs. A static ambiguous file permission detection tool named MFPChecker (Missing File Permission Checker) is developed. MFPChecker can effectively detect flaws where file permissions are not explicitly set in the system. Experiments on ten systems show that MFPChecker can detect 73.9% (17/23) of old bugs and 769 new bugs with a false positive rate of only 5.7%. Of these, 14 have been confirmed by the open source community and 7 have been fixed by patches submitted by us. These bugs were fixed in a way that was accepted by the developers.
Key words: file permission; bugs; distributed systems
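
The ambiguous-permission case described in the abstract, as an added example that is not from the paper or from MFPChecker: on a POSIX system (an assumption; the abstract names no platform), a file created without an explicit mode gets whatever the launching user's umask allows, so the same code yields a strict or a loose file depending on who started the component. The function names and the 0o640 target mode are illustrative.

```python
import os
import stat
import tempfile

SAMPLE = b"token=constructed-sample\n"  # constructed sample content


def mode_of(path):
    """Return only the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def create_ambiguous(path):
    # No mode is stated: the result is 0o666 & ~umask, so it is decided
    # by the environment of whichever user launched the process.
    with open(path, "wb") as f:
        f.write(SAMPLE)
    return mode_of(path)


def create_explicit(path, mode=0o640):
    # O_EXCL refuses a pre-existing file. The mode given to os.open is
    # still filtered by the umask, so fchmod pins the intended bits.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)
        os.write(fd, SAMPLE)
    finally:
        os.close(fd)
    return mode_of(path)


def compare(umasks=(0o022, 0o077, 0o000)):
    """Create both kinds of file under each umask; return {umask: (implicit, explicit)}."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for um in umasks:
            old = os.umask(um)
            try:
                implicit = create_ambiguous(os.path.join(d, f"implicit_{um:03o}"))
                explicit = create_explicit(os.path.join(d, f"explicit_{um:03o}"))
            finally:
                os.umask(old)
            results[um] = (implicit, explicit)
    return results


if __name__ == "__main__":
    for um, (implicit, explicit) in compare().items():
        print(f"umask {um:03o}: implicit {implicit:03o}, explicit {explicit:03o}")
```

Under umask 077 the implicit file cannot be read by a component running as another user (the strict outcome), and under umask 000 it is world-writable (the loose outcome); the explicit file has the same mode in every case.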