Annual Computer Security Applications Conference (ACSAC) 2018


A Heuristic Framework to Detect Concurrency Vulnerabilities

With the growing use of multi-core hardware, and of software written to exploit it, concurrency vulnerabilities have become an inevitable threat to the security of today's IT industry. Existing detection schemes for concurrent programs focus mainly on concurrency errors such as data races and atomicity violations, and pay little attention to concurrency vulnerabilities that can be exploited to compromise security. In this paper, we propose a heuristic framework that combines static analysis with a dynamic approach to detect concurrency vulnerabilities, particularly concurrency buffer overflow, concurrency double free, and concurrency use-after-free. In this framework, we collect the sensitive concurrent operations and operation patterns of each concurrency vulnerability type by studying real-world concurrency vulnerabilities; we then apply static analysis to locate these sensitive concurrent operations in a concurrent program and compare them against the operation patterns to categorize each finding as a potential type of concurrency vulnerability. Then we apply forced scheduling during fuzz testing of the program to explore the execution orders that are likely to trigger the potential concurrency vulnerabilities. We also introduce random scheduling into a fuzzer such as AFL so that it can effectively explore thread interleavings in a concurrent program, which significantly enhances AFL's power to detect concurrency bugs and vulnerabilities. To the best of our knowledge, we are the first to enable a fuzzer to effectively explore thread interleavings to detect concurrency vulnerabilities. By applying the proposed framework, we have discovered previously unreported bugs in real-world concurrent C programs, which demonstrates the effectiveness of the proposed framework.
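As an added illustration of the "sensitive operation pattern" idea for concurrency double free and concurrency use-after-free (this is not the paper's tool or code), the following replays a recorded interleaving of operations on one shared heap pointer and flags a second free or a use from another thread that no common lock orders after the first free. The operation model, the lockset-style rule and the sample traces are all constructed assumptions for this example.

```c
#include <stddef.h>

/* Constructed model of the sensitive concurrent operations a static pass
 * might collect for one shared heap pointer (assumption, not the paper's). */
enum op_kind { OP_LOCK, OP_UNLOCK, OP_FREE, OP_USE, OP_NULLIFY };
struct op { int tid; enum op_kind kind; int lock; }; /* lock: 1-based, 0 = n/a */

enum finding { F_NONE = 0, F_CONC_DOUBLE_FREE = 1, F_CONC_USE_AFTER_FREE = 2 };

#define MAX_THREADS 8
#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Replay one interleaving. A second free, or a use, of the pointer by a
 * different thread is a concurrency vulnerability unless that thread holds
 * a lock the freeing thread also held at the free (lockset reasoning), or the
 * freeing thread nulled the pointer first. A free/use ordered by a common
 * lock is at most a sequential bug and is outside this checker's scope. */
enum finding check_trace(const struct op *ops, size_t n)
{
    unsigned held[MAX_THREADS] = {0};   /* bitmask of locks held per thread */
    int freed = 0, free_tid = -1;
    unsigned free_locks = 0;            /* locks held when the free happened */
    for (size_t i = 0; i < n; i++) {
        const struct op *o = &ops[i];
        unsigned bit = o->lock ? 1u << (o->lock - 1) : 0;
        switch (o->kind) {
        case OP_LOCK:    held[o->tid] |= bit;  break;
        case OP_UNLOCK:  held[o->tid] &= ~bit; break;
        case OP_NULLIFY: freed = 0;            break; /* later free/use see NULL */
        case OP_FREE:
            if (freed && o->tid != free_tid && !(free_locks & held[o->tid]))
                return F_CONC_DOUBLE_FREE;
            freed = 1; free_tid = o->tid; free_locks = held[o->tid];
            break;
        case OP_USE:
            if (freed && o->tid != free_tid && !(free_locks & held[o->tid]))
                return F_CONC_USE_AFTER_FREE;
            break;
        }
    }
    return F_NONE;
}

/* Constructed interleavings: threads 1 and 2, lock ids 1 and 2. */
const struct op racy_double_free[] = { {1, OP_FREE, 0}, {2, OP_FREE, 0} };
const struct op racy_uaf[] = { {1, OP_FREE, 0}, {2, OP_USE, 0} };
const struct op wrong_lock_uaf[] = { {1, OP_LOCK, 1}, {1, OP_FREE, 0}, {1, OP_UNLOCK, 1},
                                     {2, OP_LOCK, 2}, {2, OP_USE, 0}, {2, OP_UNLOCK, 2} };
const struct op guarded[] = { {1, OP_LOCK, 1}, {1, OP_FREE, 0}, {1, OP_NULLIFY, 0},
                              {1, OP_UNLOCK, 1}, {2, OP_LOCK, 1}, {2, OP_USE, 0}, {2, OP_UNLOCK, 1} };
```

The `wrong_lock_uaf` trace shows why lock presence alone is not enough: both threads lock, but different locks, so nothing orders the use after the free.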

Changming Liu
Huazhong University of Science and Technology
China

Deqing Zou
Huazhong University of Science and Technology
China

Peng Luo
Huazhong University of Science and Technology
China

Bin Zhu
Microsoft Research Asia
China

Hai Jin
Huazhong University of Science and Technology
China

 


