Team for Research in Ubiquitous Secure Technology

Verifying the Safety of User Pointer Dereferences
Suhabe Bugrara, Alex Aiken

Citation
Suhabe Bugrara, Alex Aiken. "Verifying the Safety of User Pointer Dereferences". Talk or presentation, 12 November 2008.

Abstract
Operating systems divide virtual memory addresses into kernel space and user space. The interface of a modern operating system consists of a set of system call procedures that may take pointer arguments called user pointers. It is safe to dereference a user pointer if and only if it points into user space. If the operating system dereferences a user pointer that does not point into user space, then a malicious user application could gain control of the operating system, reveal sensitive data from kernel space, or crash the machine. Because the operating system cannot trust user processes, the operating system must check that the user pointer points to user space before dereferencing it. In this paper, we present a scalable and precise static analysis capable of verifying the absence of unchecked user pointer dereferences. We evaluate an implementation of our analysis on the entire Linux operating system with over 6.2 million lines of code with false alarms reported on only 0.05% of dereference sites.

Citation formats
  • HTML
    Suhabe Bugrara, Alex Aiken. <a href="http://www.truststc.org/pubs/496.html"><i>Verifying the Safety of User Pointer Dereferences</i></a>, Talk or presentation, 12 November 2008.
  • Plain text
    Suhabe Bugrara, Alex Aiken. "Verifying the Safety of User Pointer Dereferences". Talk or presentation, 12 November 2008.
  • BibTeX
    @presentation{BugraraAiken08_VerifyingSafetyOfUserPointerDereferences,
        author = {Suhabe Bugrara and Alex Aiken},
        title = {Verifying the Safety of User Pointer Dereferences},
        day = {12},
        month = {November},
        year = {2008},
        abstract = {Operating systems divide virtual memory addresses
                  into kernel space and user space. The interface of
                  a modern operating system consists of a set of
                  system call procedures that may take pointer
                  arguments called user pointers. It is safe to
                  dereference a user pointer if and only if it
                  points into user space. If the operating system
                  dereferences a user pointer that does not point
                  into user space, then a malicious user application
                  could gain control of the operating system, reveal
                  sensitive data from kernel space, or crash the
                  machine. Because the operating system cannot trust
                  user processes, the operating system must check
                  that the user pointer points to user space before
                  dereferencing it. In this paper, we present a
                  scalable and precise static analysis capable of
                  verifying the absence of unchecked user pointer
                  dereferences. We evaluate an implementation of our
                  analysis on the entire Linux operating system with
                  over 6.2 million lines of code with false alarms
                  reported on only 0.05% of dereference sites. },
        URL = {http://www.truststc.org/pubs/496.html}
    }

Posted by Jessica Gamble on 23 Jan 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.