
Target-oriented UAF Vulnerability Prediction Method of Multi-threaded Programs
Abstract: Use-after-free (UAF) vulnerabilities are a common concurrency defect in multi-threaded programs. Predictive UAF vulnerability detection methods have attracted much attention because they balance false positive and false negative rates. However, existing predictive UAF detection methods are not optimized for the target to be detected, which leads to low detection efficiency when the program is large or its behavior is complex. To address this issue, a target-oriented method for detecting UAF vulnerabilities in multi-threaded programs is proposed. First, a Petri net model of the program is mined from the program's execution traces. Then, for each pair of memory Free and Use operations that could potentially constitute a UAF vulnerability, behavioral control structures that maintain the causal constraints and data consistency between operations are added to the program's Petri net model, with triggering that vulnerability as the target. On this basis, a UAF vulnerability detection method based on Petri net reverse unfolding is designed. The method targets only one potential UAF vulnerability at a time and verifies its authenticity specifically, thus ensuring the efficiency of detection. At the same time, to reduce the number of potential UAF vulnerabilities to be checked, a new vector clock is proposed to automatically identify the causal relationship between Free and Use operations, and the potential UAF vulnerabilities are filtered accordingly. The proposed method is experimentally evaluated on several program examples. The experimental results show that the proposed method improves the efficiency and accuracy of detection compared with mainstream methods.
Authors: LU Fa-Ming; TANG Meng-Fan; BAO Yun-Xia; ZENG Qing-Tian; LI Yan-Cheng (College of Computer Science and Engineering, Shandong University of Science and Technology, Qingdao 266590, China; College of Mathematics and Systems Science, Shandong University of Science and Technology, Qingdao 266590, China; Baidu Online Network Technology (Beijing) Co., Ltd., Beijing 100193, China)
Source: Journal of Software (《软件学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2023, Issue 7, pp. 3043-3063 (21 pages)
Funding: National Natural Science Foundation of China (61602279); Taishan Scholars Program of Shandong Province (ts20190936); Youth Innovation Science and Technology Support Program of Shandong Higher Education Institutions (2019KJN024); Smart Computing Joint Fund of the Shandong Provincial Natural Science Foundation (ZR2021LZH004); Qingdao West Coast New Area 2022 "open competition" (揭榜挂帅) technology research project.
Keywords: software verification; concurrency vulnerability; Petri net; UAF vulnerability; reverse unfolding