Abstract
The Linux kernel’s growth introduces daily bugs that are often detected and eliminated using code analyzers. However, creating accurate Linux patches remains challenging and poses security risks. To address this, we manually analyzed 182 incorrectly developed Linux kernel patches and discovered that the inaccuracies usually result from changes to variable read and write operations by the patch. Based on this finding, we created KLAUS, a new method for evaluating patch quality. KLAUS leverages abstract interpretation to extract modified read and write operations caused by the patch in the Linux kernel. It combines these alterations with branch-resolving mechanisms to guide a kernel fuzzer toward relevant code and contexts. Testing KLAUS on numerous real-world Linux kernel patches demonstrates its superior effectiveness and efficiency in detecting incorrectly developed patches. So far, KLAUS has identified and reported 30 incorrect patches to the Linux community, some of which could enable privilege escalation on Android and Ubuntu systems.
Original language | English (US) |
---|---|
Title of host publication | 32nd USENIX Security Symposium, USENIX Security 2023 |
Publisher | USENIX Association |
Pages | 4247-4264 |
Number of pages | 18 |
ISBN (Electronic) | 9781713879497 |
State | Published - 2023 |
Event | 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States Duration: Aug 9 2023 → Aug 11 2023 |
Publication series
Name | 32nd USENIX Security Symposium, USENIX Security 2023 |
---|---|
Volume | 6 |
Conference
Conference | 32nd USENIX Security Symposium, USENIX Security 2023 |
---|---|
Country/Territory | United States |
City | Anaheim |
Period | 8/9/23 → 8/11/23 |
Funding
We thank our shepherd and other anonymous reviewers for their insightful feedback. This work was supported by grants from Defense Advanced Research Projects Agency (DARPA) under Grant No. N6600122C4026, Office of Naval Research (ONR) under Grant No. N00014-20-1-2008, and the National Science Foundation (NSF) under Grant No. 1954466, 2045948. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agency.
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality