
UBITect: A Precise and Scalable Method to Detect Use-before-Initialization... (Video, ESEC/FSE 2020

UBITect: A Precise and Scalable Method to Detect Use-before-Initialization Bugs in Linux Kernel (Video, ESEC/FSE 2020)

Yizhuo Zhai, Yu Hao, Hang Zhang, Daimeng Wang, Chengyu Song, Zhiyun Qian, Mohsen Lesani, and Srikanth V. Krishnamurthy (University of California at Riverside, USA), and Paul Yu (U.S. Army Research Laboratory, USA)

Abstract: Use-before-Initialization (UBI) bugs in the Linux kernel have serious security impacts, such as information leakage and privilege escalation. Developers are adopting forced initialization to cope with UBI bugs, but this approach can still lead to undefined behaviors (e.g., NULL pointer dereference). As it is hard to infer correct initialization values, we believe that the best way to mitigate UBI bugs is detection and manual patching. Precise detection of UBI bugs requires path-sensitive analysis: the detector needs to track a variable's initialization status along all possible execution paths from its declaration to its uses. However, such exhaustive analysis prevents the detection from scaling to the whole Linux kernel. This paper presents UBITect, a UBI bug-finding tool that combines flow-sensitive type qualifier analysis and symbolic execution to perform precise and scalable UBI bug detection. The scalable qualifier analysis guides symbolic execution to the variables that are likely to cause UBI bugs. UBITect does not require manual annotation effort and hence can be applied directly to the kernel without any change to its source code or intermediate representation (IR).

On Linux kernel version 4.14, UBITect reported 190 bugs, among which 78 bugs were deemed by us as true positives and 52 were confirmed by Linux maintainers.

Article: https://doi.org/10.1145/3368089.3409686
Supplementary archive: https://doi.org/10.5281/zenodo.3905204 (Badges: Artifacts Available, Artifacts Evaluated — Functional)
Supplementary web page: https://github.com/seclab-ucr/UBITect/blob/master/QualifierTypeInference.pdf
ORCID: https://orcid.org/0000-0003-1577-3914
Submitted to the conference by Yizhuo Zhai on 2020-11-02
Video Tags: Use-before-Initialization, bug detection, type qualifier, symbolic execution, fse20main-p172-p, DOI: 10.1145/3368089.3409686, DOI: 10.5281/zenodo.3905204, ORCID: 0000-0003-1577-3914, Artifacts Available, Artifacts Evaluated — Functional
Presentation at the ESEC/FSE 2020 conference, November 8–13, 2020, https://2020.esec-fse.org/
Sponsored by ACM SIGSOFT, https://www.sigsoft.org/
Twitter: https://twitter.com/fseconf
Reddit: https://www.reddit.com/r/ESECFSE
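A toy model of the two-stage approach the abstract describes, added here as an illustration and not UBITect's own code (which works on LLVM IR of the kernel): a flow-sensitive but path-insensitive qualifier pass flags every use that may read an uninitialized variable, and a path-sensitive pass (a stand-in for the paper's symbolic execution) keeps only those reachable on a feasible path. The mini statement language, the flag name and the three programs are constructed for this example; the correlated-branch program is the classic case that the first stage over-reports and the second stage rules out.

```python
# Toy model of UBITect's two-stage UBI detection over a constructed mini-IR:
#   ("decl", v) v declared uninitialized    ("assign", v) v written
#   ("use", v, label) v read    ("if", c, body) body runs iff flag c is true
INIT, UNINIT = "init", "uninit"

def qualifier_analysis(stmts, state):
    """Stage 1, flow-sensitive but path-insensitive: var -> qualifier set, unioned at joins."""
    candidates = []
    for s in stmts:
        if s[0] == "decl":
            state[s[1]] = {UNINIT}
        elif s[0] == "assign":
            state[s[1]] = {INIT}
        elif s[0] == "use" and UNINIT in state[s[1]]:
            candidates.append(s[2])  # may read an uninitialized variable
        elif s[0] == "if":
            taken = {v: set(q) for v, q in state.items()}
            taken, inner = qualifier_analysis(s[2], taken)
            candidates += inner
            for v in state:  # merge the taken and not-taken paths
                state[v] |= taken.get(v, set())
    return state, candidates

def path_sensitive_check(stmts, labels):
    """Stage 2, stand-in for symbolic execution: re-check candidates on feasible paths only."""
    bugs = set()
    def walk(stmts, state, assumed):
        for i, s in enumerate(stmts):
            if s[0] == "decl":
                state[s[1]] = UNINIT
            elif s[0] == "assign":
                state[s[1]] = INIT
            elif s[0] == "use" and s[2] in labels and state[s[1]] == UNINIT:
                bugs.add(s[2])  # uninitialized read on a feasible path
            elif s[0] == "if":
                c, body, rest = s[1], s[2], stmts[i + 1:]
                if assumed.get(c, True):       # taking the branch is consistent
                    walk(body + rest, dict(state), {**assumed, c: True})
                if not assumed.get(c, False):  # skipping it is consistent
                    walk(rest, dict(state), {**assumed, c: False})
                return
    walk(stmts, {}, {})
    return sorted(bugs)

# Constructed programs: correlated branches, a real bug (flag-false path), all-paths init.
CORRELATED = [("decl", "err"), ("if", "flag", [("assign", "err")]),
              ("if", "flag", [("use", "err", "U1")])]
REAL_BUG = [("decl", "err"), ("if", "flag", [("assign", "err")]), ("use", "err", "U2")]
SAFE = [("decl", "err"), ("assign", "err"), ("if", "flag", [("use", "err", "U3")])]
```

Stage 1 reports U1 and U2 as candidates and nothing for SAFE, so stage 2 never runs on it; stage 2 then discards U1, because every path that reaches the use has also passed through the assignment, and confirms U2.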
