Checking Security Checks in OS Kernels

主 讲 人 :Dr. Kangjie Lu    


地      点 :理科群1号楼D418


Operating system (OS)kernels play a critical role in computer systems, which not only managehardware and system resources, but also provide services and protection.To safely perform these complicated and error-prone tasks, OS kernels enforce alarge number of security checks which validate system states.  Unfortunately,security checks themselves areoften buggy.  In particular, a security checkmay be missing or incomplete, be placed in an improper location, target a wrongvariable, etc. These bugs can be exploited for severe attacks such as ompletesystem control and information leakage. In this talk, I will first talk about how to automatically identifysecurity checks and then present how to detect the three common classes ofsecurity-check bugs, namely, insufficient checks, incorrect checks, andineffective checks. I will also present a set of new techniques that havehelped us to find hundreds of new critical security-check bugs in OS kernelsand share our interesting experience on working with Linux maintainers to patchthese bugs.  Several techniques such asfinding indirect-call targets, identifying critical variables, and finding semantically-similarcode paths are generic and thus can also benefit future research on bugdetection and system hardening.


Dr. Kangjie Lu is anassistant professor in the Computer Science & Engineering Department of theUniversity of Minnesota-Twin Cities. His research interests include securityand privacy, program analyses, and operating systems. He is particularlyinterested in automatically finding classes of vulnerabilities in widely used systemsand hardening them while preserving their reliability and

efficiency. Hisresearch results are mainly published at top-tier venues and have led to manyimportant updates in the Linux kernel, the Android OS, the FreeBSD kernel, andApple’s iOS. He received his Ph.D. in Computer Science from the GeorgiaInstitute of Technology.

