Jianzhou Zhao, Qiang Wei, Xingwei Li, Yunchao Wang, Xixing Li
ASIRDetector: Scheduling-driven, asynchronous execution to discover asynchronous improper releases bug in linux kernel
Computers & Security, volume 157, Article 104530. Published 2025-05-21. DOI: 10.1016/j.cose.2025.104530
https://www.sciencedirect.com/science/article/pii/S0167404825002196
Abstract
Asynchronous operations are the cornerstone of modern operating systems, enabling high-performance task scheduling and efficient resource management. However, if an asynchronous mechanism releases resources at the wrong time, it poses significant security risks to the Linux kernel, including high-risk vulnerabilities such as use-after-free and null pointer dereference. Because users can trigger asynchronous operations only indirectly, existing methods for detecting kernel concurrency vulnerabilities are ineffective at identifying bugs that arise from improper asynchronous resource releases.
In this paper, we present a method named ASIRDetector, which adopts a schedule-driven asynchronous execution control strategy to address the aforementioned challenges through a combination of static analysis and dynamic fuzz testing. Our method models the mainstream asynchronous mechanisms in the kernel and their entry points to ensure that dynamic fuzz testing is guided towards high-risk areas where such errors can be triggered. Additionally, we implement a deterministic thread control technique that precisely orchestrates the interleaving of asynchronous and regular instructions to maximize the detection of asynchronous concurrency errors.
We have developed a prototype of ASIRDetector, which successfully detected all 14 vulnerabilities in the test set, surpassing the performance of the current state-of-the-art methods. More notably, ASIRDetector discovered 15 unique bugs in Linux kernel version 6.9-rc7, highlighting its effectiveness in uncovering asynchronous improper release vulnerabilities.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.