GithubHelp home page GithubHelp logo

rheinhauss / lrsan Goto Github PK

View Code? Open in Web Editor NEW

This project forked from kengiter/lrsan

0.0 0.0 0.0 89 KB

LRSan: Detecting Lacking-Recheck Bugs in OS Kernels

Shell 0.29% C++ 95.39% C 3.39% Makefile 0.20% CMake 0.46% Dockerfile 0.28%

lrsan's Introduction

LRSan: Detecting Lacking-Recheck Bugs in OS Kernels

Operating system kernels carry a large number of security checks to validate security-sensitive variables and operations. Lacking-recheck bugs (LRC) are cases in which security-checked variables are further modified, and no recheck is enforced. LRC bugs invalidate the intended checks and thus may lead to attacks such as out-of-bound memory access or privilege escalation. LRSan is a static analysis tool that detects LRC bugs in OS kernels. LRSan first automatically identifies security checks, critical variables, and uses of the checked variables, and then reasons about whether a modification is present after a security check. A case in which a modification is present but a recheck is lacking is identified as an LRC bug.

How to use LRSan

(Tested on Ubuntu 16.04 64-bit)

Build LLVM

	$ cd llvm 
	$ ./build-llvm.sh 
	# The installed LLVM is of version 7.0.0

Build LRSan analyzer

	# Build the analysis pass of analyzer 
	$ cd ../analyzer 
	$ make 
	# Now, you can find the "lrsan" binary in build/lib/lrsan

Prepare LLVM bitcode files of OS kernels

  • Replace error-code definition files of the Linux kernel with the ones in "encoded-errno"
  • The code should be compiled with the built LLVM
  • Compile the code with options: -O0 or -O2, -g, -fno-inline
  • Generate bitcode files

Run lrsan

	# To analyze a single bitcode file, say "test.bc", run:
	$ ./build/lib/lrsan -lrc test.bc
	# To analyze a list of bitcode files, put the absolute paths of the bitcode files in a file, say "bc.list", then run:
	$ ./lrsan -lrc @bc.list

More details

@inproceedings{lrsan-ccs18,
  title        = {{Check it Again: Detecting Lacking-Recheck Bugs in OS Kernels}},
  author       = {Wenwen Wang and Kangjie Lu and Pen-Chung Yew},
  booktitle    = {Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS)},
  month        = oct,
  year         = 2018,
  address      = {Toronto, Canada},
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.