Atlanta, GA | Posted: May 21, 2018
Researchers in Georgia Tech’s School of Computer Science have modeled and detected a unique type of logic bug, a nefarious class of software flaw that causes a system to operate incorrectly without crashing and creates vulnerabilities.
The double-fetch bug, presented in a paper at the 2018 IEEE Symposium on Security and Privacy on May 21-23 in San Francisco, is a special type of logic bug that can cause data inconsistencies in the program’s execution path and compromise security.
“We think we can find a systematic way to model and detect the double-fetch bug,” said SCS Ph.D. student Meng Xu, one of the researchers on the project. “We hope we can apply this experience to detect other types of logic bugs in kernels.”
Defining the double-fetch bug
The kernel is the core of an operating system. One bug in the kernel can take down the entire application. Yet this type of bug is inherently hard to detect.
A double-fetch bug occurs when the kernel reads the same userspace memory (memory belonging to a user process) more than once while a user thread concurrently modifies the contents of that region. The kernel can then act on inconsistent data, which opens it up to security vulnerabilities.
The researchers created a tool called Deadline to identify and cull double-fetch bugs in three steps.
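As an added illustration (not code from the paper or the Deadline tool), the constructed C program below models the pattern just described: a handler that fetches a length from userspace once to check it and a second time to use it, beside the single-fetch version that closes the window. The user_msg struct, the fetch_len hook and the race_grow_len callback are stand-ins for userspace memory, copy_from_user() and the racing user thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a syscall argument block living in userspace. A real
 * kernel would reach it through copy_from_user(); here it is a plain struct
 * so the example runs as an ordinary userspace program. */
struct user_msg { uint32_t len; char data[64]; };

enum { KBUF_MAX = 16 };   /* size of the kernel-side buffer */

/* Stand-in for copy_from_user(): every fetch of len goes through here, and a
 * hook fires after each fetch so the harness can play the racing user thread
 * that rewrites the shared struct between the kernel's reads. */
static void (*between_fetches)(struct user_msg *) = NULL;
static uint32_t fetch_len(struct user_msg *u) {
    uint32_t v = u->len;
    if (between_fetches) between_fetches(u);
    return v;
}

/* Double fetch: the bound is validated on the first read of u->len, but the
 * second read is what drives memcpy, so the check and the use can disagree. */
static int handler_double_fetch(struct user_msg *u, char *kbuf) {
    if (fetch_len(u) > KBUF_MAX) return -1;      /* check: first fetch */
    uint32_t n = fetch_len(u);                   /* use: second fetch */
    /* In a kernel this memcpy would overrun kbuf. The copy is clamped so the
     * example stays memory safe; the return value records the bypassed bound. */
    memcpy(kbuf, u->data, n > KBUF_MAX ? KBUF_MAX : n);
    return (int)n;
}

/* Single fetch: copy len once into kernel-owned memory and check and use only
 * that local copy. The user thread may still change u->len, but the kernel
 * never looks at it again, so check and use agree by construction. */
static int handler_single_fetch(struct user_msg *u, char *kbuf) {
    uint32_t n = fetch_len(u);
    if (n > KBUF_MAX) return -1;
    memcpy(kbuf, u->data, n);
    return (int)n;
}

/* Models the racing user thread: enlarges len right after a kernel read. */
static void race_grow_len(struct user_msg *u) { u->len = 200; }

/* Runs one handler with the race active; returns the length the kernel used. */
static int run_with_race(int (*handler)(struct user_msg *, char *)) {
    struct user_msg u = { .len = 8, .data = "constructed" };
    char kbuf[KBUF_MAX];
    between_fetches = race_grow_len;
    int r = handler(&u, kbuf);
    between_fetches = NULL;
    return r;
}

int main(void) {
    printf("double fetch used len=%d (bound %d)\n",
           run_with_race(handler_double_fetch), KBUF_MAX);
    printf("single fetch used len=%d\n", run_with_race(handler_single_fetch));
    return 0;
}
```

With the race active the double-fetch handler passes its bound check on len 8 and then copies with len 200, while the single-fetch handler keeps using the value it validated.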
Thinking outside the kernel
Using this method, the researchers tested Deadline on Linux and FreeBSD kernels, finding 23 new bugs in Linux and one in FreeBSD.
Double-fetch bugs may lurk in more than just kernels: any system whose memory is divided into trust domains and which reads data from another domain multiple times is susceptible. This means double-fetch bugs could be in hypervisors (Xen, KVM), trusted execution environments (SGX, TrustZone), and even OS-like userspace programs like Chrome.
Yet this research could go beyond double-fetch bugs. The researchers believe this method, which creates a formal definition for a systematic approach, uses static analysis for scalability and coverage, and verifies with symbolic checking for precision, can be used to create more bug-finding tools.
This research was presented in a paper, titled Precise and Scalable Detection of Double-Fetch Bugs in Kernels, at the 2018 IEEE Symposium on Security and Privacy. The research is the work of SCS Ph.D. students Meng Xu and Chenxiong Qian, University of Minnesota Assistant Professor Kangjie Lu, Chairman and Scientific Director of the CISPA Helmholtz Center i.G. Michael Backes, and SCS Assistant Professor Taesoo Kim.