Title :
High-Coverage Security Testing for Windows Kernel Drivers
Author :
Tao Ni ; Zhongxu Yin ; Qiang Wei ; Qingxian Wang
Author_Institution :
Zhengzhou Inf. & Technol. Inst., Zhengzhou, China
Abstract :
In Windows kernel drivers, different function paths will be called according to the DeviceIoControlCode parameter in a DeviceIoControl request. In order to achieve high-coverage security testing of these function paths, a new testing method using symbolic testing is proposed in this paper. With the automatic detection of the Dispatch routine, symbolic testing is used to analyse the Dispatch function, walk through all supported function paths, and get all DeviceIoControlCodes and check constraints. More specific test cases are generated with the guidance of the codes and constraints. To compare the coverage of function paths, drivers of six famous security software products are tested. The traditional testing method achieves an average of 35% coverage, while ours achieves 90%. Our tool discovers a previously undiscovered privilege escalation vulnerability in BitDefender2012 and some denial-of-service vulnerabilities, which prove the validity of our method.
Keywords :
device drivers; operating system kernels; program testing; program verification; security of data; BitDefender2012; DeviceIoControl request; DeviceIoControlCode parameter; Windows kernel drivers; automatic dispatch routine detection; constraint checking; denial-of-service vulnerabilities; dispatch function; function paths; high-coverage security testing; security software testing; symbolic testing; Algorithm design and analysis; Computer crime; Kernel; Performance evaluation; Testing; high-coverage; kernel drivers; security testing; symbolic testing;
Conference_Title :
Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4673-3093-0
DOI :
10.1109/MINES.2012.117