Verifying the Safety of User Pointer Dereferences

Verifying the Safety of User Pointer Dereferences
Suhabe Bugrara, Alex Aiken

Citation
Suhabe Bugrara, Alex Aiken. "Verifying the Safety of User Pointer Dereferences". Talk or presentation, 12, November, 2008.

Abstract
Operating systems divide virtual memory addresses into kernel space and user space. The interface of a modern operating system consists of a set of system call procedures that may take pointer arguments called user pointers. It is safe to dereference a user pointer if and only if it points into user space. If the operating system dereferences a user pointer that does not point into user space, then a malicious user application could gain control of the operating system, reveal sensitive data from kernel space, or crash the machine. Because the operating system cannot trust user processes, the operating system must check that the user pointer points to user space before dereferencing it. In this paper, we present a scalable and precise static analysis capable of verifying the absence of unchecked user pointer dereferences. We evaluate an implementation of our analysis on the entire Linux operating system with over 6.2 million lines of code with false alarms reported on only 0.05% of dereference sites.

Electronic downloads

25%20-%20Bugrara.ppt · application/vnd.ms-powerpoint · 492 kbytes

Citation formats

HTML

Suhabe Bugrara, Alex Aiken. <a
href="http://www.truststc.org/pubs/496.html"
><i>Verifying the Safety of User Pointer
Dereferences</i></a>, Talk or presentation,  12,
November, 2008.

Plain text

Suhabe Bugrara, Alex Aiken. "Verifying the Safety of
User Pointer Dereferences". Talk or presentation,  12,
November, 2008.

BibTeX

@presentation{BugraraAiken08_VerifyingSafetyOfUserPointerDereferences,
    author = {Suhabe Bugrara and Alex Aiken},
    title = {Verifying the Safety of User Pointer Dereferences},
    day = {12},
    month = {November},
    year = {2008},
    abstract = {Operating systems divide virtual memory addresses
              into kernel space and user space. The interface of
              a modern operating system consists of a set of
              system call procedures that may take pointer
              arguments called user pointers. It is safe to
              dereference a user pointer if and only if it
              points into user space. If the operating system
              dereferences a user pointer that does not point
              into user space, then a malicious user application
              could gain control of the operating system, reveal
              sensitive data from kernel space, or crash the
              machine. Because the operating system cannot trust
              user processes, the operating system must check
              that the user pointer points to user space before
              dereferencing it. In this paper, we present a
              scalable and precise static analysis capable of
              verifying the absence of unchecked user pointer
              dereferences. We evaluate an implementation of our
              analysis on the entire Linux operating system with
              over 6.2 million lines of code with false alarms
              reported on only 0.05% of dereference sites. },
    URL = {http://www.truststc.org/pubs/496.html}
}

Posted by Jessica Gamble on 23 Jan 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.