Advanced

LLVM-Based Fortification for Kernel Drivers

Brandberg, Caroline LU (2016) In LU-CS-EX 2016-28 EDA920 20161
Department of Computer Science
Abstract
In today’s operating systems, drivers are linked with the kernel where handling pointers and performing memory accesses must be considered with much more care than in application user space.

This thesis focuses on two issues. First, memory access to user space must never be done directly, because the access may fault due to insufficient access permissions or unmapped pages. Second, pointers entering via system calls must be checked prior to their use to prevent a malevolent user from exploiting kernel drivers to access kernel space for them.

The proposed solution uses the type system of Clang combined with analyzes on the generated LLVM intermediate representation, both in the purpose of performing static analyzes to produce valuable... (More)
In today’s operating systems, drivers are linked with the kernel where handling pointers and performing memory accesses must be considered with much more care than in application user space.

This thesis focuses on two issues. First, memory access to user space must never be done directly, because the access may fault due to insufficient access permissions or unmapped pages. Second, pointers entering via system calls must be checked prior to their use to prevent a malevolent user from exploiting kernel drivers to access kernel space for them.

The proposed solution uses the type system of Clang combined with analyzes on the generated LLVM intermediate representation, both in the purpose of performing static analyzes to produce valuable messages to developers during compile time, but also to insert robustness assertions and perform code transformations. With these precautions we were able to identify four bugs in a single device driver. (Less)
Please use this url to cite or link to this publication:
author
Brandberg, Caroline LU
supervisor
organization
course
EDA920 20161
year
type
H3 - Professional qualifications (4 Years - )
subject
keywords
LLVM, Device Drivers, Kernel Memory Access, Pointer bugs
publication/series
LU-CS-EX 2016-28
report number
LU-CS-EX 2016-28
ISSN
1650-2884
language
English
id
8888221
date added to LUP
2016-08-15 10:50:42
date last changed
2016-08-15 10:50:42
@misc{8888221,
  abstract     = {In today’s operating systems, drivers are linked with the kernel where handling pointers and performing memory accesses must be considered with much more care than in application user space.

This thesis focuses on two issues. First, memory access to user space must never be done directly, because the access may fault due to insufficient access permissions or unmapped pages. Second, pointers entering via system calls must be checked prior to their use to prevent a malevolent user from exploiting kernel drivers to access kernel space for them.

The proposed solution uses the type system of Clang combined with analyzes on the generated LLVM intermediate representation, both in the purpose of performing static analyzes to produce valuable messages to developers during compile time, but also to insert robustness assertions and perform code transformations. With these precautions we were able to identify four bugs in a single device driver.},
  author       = {Brandberg, Caroline},
  issn         = {1650-2884},
  keyword      = {LLVM,Device Drivers,Kernel Memory Access,Pointer bugs},
  language     = {eng},
  note         = {Student Paper},
  series       = {LU-CS-EX 2016-28},
  title        = {LLVM-Based Fortification for Kernel Drivers},
  year         = {2016},
}