Automatically Constructing Peer Slices via Semantic- and Context-Aware Security Checks in the Linux Kernel

2021 
OS kernels enforce many security checks to validate system states. We observe that paths containing security checks are in fact very informative for inferring critical semantics in the OS kernel. In particular, such slices are valuable for detecting kernel semantic bugs, because detection typically requires understanding semantics. However, few studies address security checks, and constructing these slices is challenging due not only to a lack of clear criteria but also to the size and complexity of the OS. In this paper, combining security checks with program slicing, we first systematically study security check peer slices and propose an automatic approach to construct security check peer slices in the OS kernel. Using an inter-procedural, semantic- and context-aware analysis, we can find slices sharing similar semantics in similar contexts. Based on the information offered by security check peer slices, we then introduce two scenarios for semantic vulnerability detection with security check peer slices: missing security checks and inaccurate security checks. The evaluation results show that our approach can accurately construct security check peer slices.