Checking Security Checks in OS Kernels 预约报名-中科图云活动-活动行

活动详情
活动嘉宾
参与名单

报告时间： 2019年11月22日（周五）

下午 15:30-17:30

报告地点：计算所1101会议室

主讲人：卢康杰（明尼苏达大学助理教授）

邀请人：武成岗

Abstract:

Operating system (OS) kernels play a critical role in computer systems, which not only manage hardware and system resources, but also provide services and protection. To safely perform thesecomplicated and error-prone tasks, OS kernels enforce a large number of security checks which validate system states. Unfortunately,security checks themselves are often buggy. In particular, a security check may be missing or incomplete, be placed in an improper location, target a wrong variable, etc. These bugs can be exploited for severe attacks such as entire system control and information leakage. In this talk, I will first talk about how to automatically identify security checks and then present how to detect the three common classes of security-check bugs, namely, insufficient checks, incorrect checks, and ineffective checks. I will also present a set of new techniques that have helped us to find hundreds of new critical security-check bugs in OS kernels and share our interesting experience on working with Linux maintainers to patch these bugs.Several techniques such as finding indirect-call targets, identifying critical variables, and finding semantically-similar code paths are generic and thus can also benefit future research on bug detection and system hardening.

Bio:

Dr. Kangjie Lu is an assistant professor in the Computer Science & Engineering Department of the University of Minnesota-Twin Cities.His research interests include security and privacy, program analysis, and operating systems. He is particularly interested in automatically finding classes of vulnerabilities, introduced by both developers and compilers, in widely used systems, and hardening systems while preserving their reliability and efficiency. He won the best paper award at ACM CCS 2019. His research results are mainly published at top-tier venues and have led to many important updates in the Linux kernel, the Android OS, the FreeBSD kernel, and Apple’s iOS. He received his Ph.D. in Computer Science from the Georgia Institute of Technology.