MACH2: System for Root Cause Analysis of Kernel Vulnerabilities
Author(s)
Desai, Sidhesh
Advisor(s)
Editor(s)
Collections
Supplementary to:
Permanent Link
Abstract
Kernel code is ubiquitous in the modern technology landscape, and therefore, enforcing its security is of high importance. A common problem among modern kernel fuzzers is the discovery of vulnerabilities whose causes are difficult to pinpoint, meaning that they cannot easily be patched by developers. This leads to a large accumulation of bugs for kernel and kernel driver code. This issue can be remediated by being able to trace the root cause of a given exploit in the original source code. This study introduces MACH2, a system through which kernel vulnerabilities can have their root causes pinpointed such that they can be easily corrected by developers and/or automated systems. The MACH2 system consists of a 2-stage process: first, the system generates a trace of the exploit being run, and then, it uses this trace in tandem with a DSE engine to find the input regions of the code corresponding to the vulnerability at hand. MACH2 has already demonstrated its usability against CVEs and real-world exploits, and with upcoming additions, will be able to handle a wide array of vulnerability classes, allowing for a more secure kernel code landscape.
Sponsor
Date
2021-12
Extent
Resource Type
Text
Resource Subtype
Undergraduate Thesis