A Hybrid Alias Analysis and Its Application to Global Variable Protection in the Linux Kernel

Publication Type:
Conference Proceeding
Citation:
32nd USENIX Security Symposium, USENIX Security 2023, 2023, 6, pp. 4211-4228
Issue Date:
2023-01-01
File: usenixsecurity23-li-guoren.pdf (published version, Adobe PDF, 746.39 kB)
Global variables in the Linux kernel have been a common target of memory corruption attacks aimed at privilege escalation. Several defense mechanisms can be employed to safeguard global variables. One approach places global variables in read-only pages after kernel initialization (ro_after_init); another employs software fault isolation (SFI) to dynamically block unintended writes to these variables. To deploy such solutions in practice, a key building block is a sound, precise, and scalable alias analysis capable of identifying all pointer aliases of global variables, since any pointer alias may be used for an intended write to a global variable. Unfortunately, the two existing styles of alias analysis, data-flow-based (e.g., Andersen-style) and type-based, have serious limitations in scalability and precision when applied to the Linux kernel. This paper proposes a novel and general hybrid alias analysis that unifies the two complementary approaches in a graph reachability framework based on context-free languages, known as CFL-reachability. We show that our hybrid alias analysis is extremely effective, simultaneously and significantly outperforming data-flow-based alias analysis in scalability and type-based alias analysis in precision. Under the same time budget, our hybrid analysis finds 42% of the Linux kernel's global variables protectable as ro_after_init, whereas the two separate analyses together find only 16%.