System Call Vulnerabilities in Linux Storage Stack Nima Mohammadi - - PowerPoint PPT Presentation



SLIDE 1

System Call Vulnerabilities in Linux Storage Stack

Nima Mohammadi, Sepand Haghighi
Fall 2016

SLIDE 2

Outline

2 System Call Vulnerabilities in Linux Storage Stack – Nima Mohammadi , Sepand Haghighi

  • Introduction
  • Static Code Analysis
  • Static Analyzer List
  • Kernels
  • Static Analysis Report
  • Conclusion
SLIDE 3

Source Code Analysis

  • As a developer, source code is the malleable object
  • Many techniques can be shared between source and binary analysis
  • Flip side: Improve RE by looking for blind spots in source analysis

SLIDE 4

Source and Binary Analysis

  • Binary
      – Hard to map back to source
      – CPU dependent
      – Language independent?
      – Environment independent?
      – 3rd party utility
  • Source
      – Easy to identify location of flaw
      – CPU independent
      – Language dependent
      – Environment independent?
      – 1st party only

SLIDE 5

Tools to find bugs

  • Static Code Analyzer
  • Dynamic Runtime Checker
  • Fuzzer/Test Suites
  • Tracers to understand code
  • Tools to understand source
SLIDE 6

Static and Dynamic Analysis

  • Static
      – Complete coverage
      – False positives
      – Can analyze anytime, anywhere
      – Precise description of problem, unknown impact
  • Dynamic
      – Very rare to get close to 100% coverage
      – No false positives
      – Requires ability to run program
      – Precise understanding of impact, possibly unknown cause

SLIDE 7

Static Code Analysis

  • The source has a lot of knowledge embedded
      – Extract the good parts, ignore the remainder
  • Many types of analysis
      – Different ways to approach the problem
      – Different goals

  • Find Defects
  • Enhance Run time analysis
  • Gain insight into code
SLIDE 8

Static Code Analysis

SLIDE 9

Static Code Analysis

SLIDE 10

Simulated Execution

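  • Flow sensitive

        /* bar() and baz() sit on opposite branches, so one call to foo() frees g_p once */
        void bar(void) { free(g_p); }
        void baz(void) { free(g_p); }
        void foo(void) { if (x) bar(); else baz(); }

  • Context sensitive

        /* p is allocated and freed under the same condition */
        if (use_malloc) p = malloc(size);
        /* … */
        if (use_malloc) free(p);

  • How much state to track?
      – Exponential number of paths
      – Loops
      – Heap is unbounded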

SLIDE 11

Static Analyzer List

  • BLAST
  • FRAMA-C
  • Flaw-Finder
  • Sparse
  • CppCheck
  • Smatch
SLIDE 12

BLAST

  • Berkeley Lazy Abstraction Software Verification Tool (BLAST)
  • Written in OCaml
  • Stable Version : 2.7.3 , 2014
  • Uses automatic abstraction refinement to construct an abstract model that is then model-checked for safety properties

SLIDE 13

Frama-C

  • Framework for Modular Analysis of C Programs
  • Written in OCaml
  • Stable Version : Silicon , 2 Dec 2016
  • Runs different analyses:
      – Value Analysis
      – Jessie
      – Impact Analysis
      – Slicing
      – Spare Code
SLIDE 14

Flaw-Finder

  • Examines C/C++ code
  • Written in Python
  • Stable Version : 2014-08-03
  • It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public
  • Flawfinder is specifically designed to be easy to install and use. After installing it, at a command line just type:

        flawfinder directory_with_source_code

SLIDE 15

Sparse

  • Examines Linux kernels
  • Written in C
  • Stable Version : 0.5.0 , 29 Jan 2014
  • Open Source , MIT License
  • Sparse defines the following list of attributes:
      – address_space
      – bitwise
      – force
      – context
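
An added example (not from the slides, and not code from Sparse or the kernel): three of the attributes listed above, address_space, bitwise and force, applied to a storage-stack entry point that takes a user-space pointer to an on-disk structure. The macros mirror the kernel's annotation macros; struct disk_sb, copy_in(), le32_to_host(), get_blocks() and demo() are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Seen only by sparse (it defines __CHECKER__); names mirror the kernel's. */
#ifdef __CHECKER__
# define __user    __attribute__((noderef, address_space(1)))
# define __force   __attribute__((force))
# define __bitwise __attribute__((bitwise))
#else
# define __user
# define __force
# define __bitwise
#endif
typedef uint32_t __bitwise le32_t;       /* little-endian, as stored on disk */
struct disk_sb { le32_t s_blocks; };     /* hypothetical superblock */

/* Stand-in for copy_from_user(): the one place allowed to __force the cast. */
static void copy_in(void *dst, const void __user *src, size_t n)
{
    memcpy(dst, (__force const void *)src, n);
}

static uint32_t le32_to_host(le32_t v)   /* explicit le32_t -> host conversion */
{
    uint32_t raw = (__force uint32_t)v;
    const uint8_t *b = (const uint8_t *)&raw;
    return b[0] | b[1] << 8 | b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Hypothetical ioctl-style handler: arg comes from user space. */
uint32_t get_blocks(const struct disk_sb __user *arg)
{
    struct disk_sb sb;
    /* "sb = *arg;" here is what sparse flags: dereference of a noderef pointer. */
    copy_in(&sb, arg, sizeof(sb));
    /* "return sb.s_blocks + 1;" is also flagged: arithmetic on a bitwise type. */
    return le32_to_host(sb.s_blocks);
}

/* Constructed sample: 10000 blocks (0x2710) in little-endian byte order. */
uint32_t demo(void)
{
    static const uint8_t raw[4] = { 0x10, 0x27, 0x00, 0x00 };
    struct disk_sb fake_user;
    memcpy(&fake_user, raw, sizeof(raw));
    return get_blocks((__force const struct disk_sb __user *)&fake_user);
}

int main(void) { printf("%u blocks\n", (unsigned)demo()); return 0; }
```

With an ordinary compiler the annotations expand to nothing, so the checks cost nothing at run time; they only take effect when sparse parses the file.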

SLIDE 16

CPP Check

  • Static Analysis of C/C++ Code
  • Written in C++
  • Stable Version : 8 Oct 2016
  • GNU General Public License
  • Some of the checks that are supported:
      – Automatic Variable
      – Memory Leaks
      – Resource Leaks
      – Bounds Checking
      – Invalid usage of standard library

SLIDE 17

Smatch

  • Static Analysis of C Source Code
  • Written in C
  • Stable Version : 8 Oct 2016
  • GNU General Public License
  • C static analysis tool developed and used to test the mainline Linux kernel code for security bugs.

SLIDE 18

Linux Complexity Growing

SLIDE 19

Filesystems List

ext2      Second Extended Filesystem
ext4      Fourth Extended Filesystem with extents
btrfs     B-Tree filesystem
hfs       Macintosh HFS Filesystem
jffs2     The Journalling Flash File System, v2
reiserfs  ReiserFS journaled filesystem
ubifs     UBIFS - UBI File System
udf       Universal Disk Format Filesystem

SLIDE 20

Filesystem Analysis Report

FS | Lines of Code | Smatch | CppCheck | Sparse | FlawFinder | Blast | Frama-C

ext2  6840  3  •  29  •
ext4  32754  30  •  103  •
btrfs  82450  84  •  69  191  •
hfs  4618  22  •  20  •
jffs2  13771  40  •  6  45  •
reiserfs  21742  40  •  6  159  •
ubifs  21988  6  •  63  •
udf  8980  26  •  63
SLIDE 21

Conclusion

  • Linux has a lot of great tools for making kernel development easier
  • We need them to keep up with the growing complexity
  • But still many improvements possible
SLIDE 22

Comparison