Visible to the public CONVUL: An Effective Tool for Detecting Concurrency Vulnerabilities

Submitted by grigby1 on Tue, 10/06/2020 - 2:01pm
TitleCONVUL: An Effective Tool for Detecting Concurrency Vulnerabilities
Publication TypeConference Paper
Year of Publication2019
AuthorsMeng, Ruijie, Zhu, Biyun, Yun, Hao, Li, Haicheng, Cai, Yan, Yang, Zijiang
Conference Name2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)
Date PublishedNov. 2019
PublisherIEEE
ISBN Number978-1-7281-2508-4
KeywordsClocks, composability, Concurrency, concurrency control, concurrency vulnerability detection, Concurrent computing, CONVUL, CPS, cyber physical systems, Instruction sets, Instruments, Metrics, multi-threading, multithreaded execution nondeterminism, program diagnostics, pubcrawl, resilience, Resiliency, Runtime, security, security of data, Synchronization, Tools, vulnerabilities
Abstract

Concurrency vulnerabilities are extremely harmful and can be frequently exploited to launch severe attacks. Due to the non-determinism of multithreaded executions, it is very difficult to detect them. Recently, data race detectors and techniques based on maximal casual model have been applied to detect concurrency vulnerabilities. However, the former are ineffective and the latter report many false negatives. In this paper, we present CONVUL, an effective tool for concurrency vulnerability detection. CONVUL is based on exchangeable events, and adopts novel algorithms to detect three major kinds of concurrency vulnerabilities. In our experiments, CONVUL detected 9 of 10 known vulnerabilities, while other tools only detected at most 2 out of these 10 vulnerabilities. The 10 vulnerabilities are available at https://github.com/mryancai/ConVul.
URLhttps://ieeexplore.ieee.org/document/8952233
DOI10.1109/ASE.2019.00125
Citation Keymeng_convul_2019
Groups: