CONVUL: An effective tool for detecting concurrency vulnerabilities

Ruijie Meng; Biyun Zhu; Hao Yun; Haicheng Li; Yan Cai; Zijiang Yang

doi:10.1109/ASE.2019.00125

CONVUL: An effective tool for detecting concurrency vulnerabilities

Ruijie Meng
, Biyun Zhu
, Hao Yun
, Haicheng Li
, Yan Cai
, Zijiang Yang

Faculty of Electronic and Information Engineering

CAS - Institute of Software
University of Chinese Academy of Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

Concurrency vulnerabilities are extremely harmful and can be frequently exploited to launch severe attacks. Due to the non-determinism of multithreaded executions, it is very difficult to detect them. Recently, data race detectors and techniques based on maximal casual model have been applied to detect concurrency vulnerabilities. However, the former are ineffective and the latter report many false negatives. In this paper, we present CONVUL, an effective tool for concurrency vulnerability detection. CONVUL is based on exchangeable events, and adopts novel algorithms to detect three major kinds of concurrency vulnerabilities. In our experiments, CONVUL detected 9 of 10 known vulnerabilities, while other tools only detected at most 2 out of these 10 vulnerabilities. The 10 vulnerabilities are available at https://github.com/mryancai/ConVul.

Original language	English
Title of host publication	Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1154-1157
Number of pages	4
ISBN (Electronic)	9781728125084
DOIs	https://doi.org/10.1109/ASE.2019.00125
State	Published - Nov 2019
Event	34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019 - San Diego, United States Duration: 10 Nov 2019 → 15 Nov 2019

Publication series

Name	Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

Conference

Conference	34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019
Country/Territory	United States
City	San Diego
Period	10/11/19 → 15/11/19

Keywords

Concurrency
Vulnerabilities

Access to Document

10.1109/ASE.2019.00125

Cite this

Meng, R., Zhu, B., Yun, H., Li, H., Cai, Y., & Yang, Z. (2019). CONVUL: An effective tool for detecting concurrency vulnerabilities. In Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019 (pp. 1154-1157). Article 8952233 (Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ASE.2019.00125

Meng, Ruijie ; Zhu, Biyun ; Yun, Hao et al. / CONVUL : An effective tool for detecting concurrency vulnerabilities. Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 1154-1157 (Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019).

@inproceedings{e3ba62c0f37f4b55a523a592445e531d,

title = "CONVUL: An effective tool for detecting concurrency vulnerabilities",

abstract = "Concurrency vulnerabilities are extremely harmful and can be frequently exploited to launch severe attacks. Due to the non-determinism of multithreaded executions, it is very difficult to detect them. Recently, data race detectors and techniques based on maximal casual model have been applied to detect concurrency vulnerabilities. However, the former are ineffective and the latter report many false negatives. In this paper, we present CONVUL, an effective tool for concurrency vulnerability detection. CONVUL is based on exchangeable events, and adopts novel algorithms to detect three major kinds of concurrency vulnerabilities. In our experiments, CONVUL detected 9 of 10 known vulnerabilities, while other tools only detected at most 2 out of these 10 vulnerabilities. The 10 vulnerabilities are available at https://github.com/mryancai/ConVul.",

keywords = "Concurrency, Vulnerabilities",

author = "Ruijie Meng and Biyun Zhu and Hao Yun and Haicheng Li and Yan Cai and Zijiang Yang",

note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019 ; Conference date: 10-11-2019 Through 15-11-2019",

year = "2019",

month = nov,

doi = "10.1109/ASE.2019.00125",

language = "英语",

series = "Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1154--1157",

booktitle = "Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019",

}

Meng, R, Zhu, B, Yun, H, Li, H, Cai, Y & Yang, Z 2019, CONVUL: An effective tool for detecting concurrency vulnerabilities. in Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019., 8952233, Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019, Institute of Electrical and Electronics Engineers Inc., pp. 1154-1157, 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019, San Diego, United States, 10/11/19. https://doi.org/10.1109/ASE.2019.00125

CONVUL: An effective tool for detecting concurrency vulnerabilities. / Meng, Ruijie; Zhu, Biyun; Yun, Hao et al.
Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 1154-1157 8952233 (Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - CONVUL

T2 - 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

AU - Meng, Ruijie

AU - Zhu, Biyun

AU - Yun, Hao

AU - Li, Haicheng

AU - Cai, Yan

AU - Yang, Zijiang

PY - 2019/11

Y1 - 2019/11

N2 - Concurrency vulnerabilities are extremely harmful and can be frequently exploited to launch severe attacks. Due to the non-determinism of multithreaded executions, it is very difficult to detect them. Recently, data race detectors and techniques based on maximal casual model have been applied to detect concurrency vulnerabilities. However, the former are ineffective and the latter report many false negatives. In this paper, we present CONVUL, an effective tool for concurrency vulnerability detection. CONVUL is based on exchangeable events, and adopts novel algorithms to detect three major kinds of concurrency vulnerabilities. In our experiments, CONVUL detected 9 of 10 known vulnerabilities, while other tools only detected at most 2 out of these 10 vulnerabilities. The 10 vulnerabilities are available at https://github.com/mryancai/ConVul.

AB - Concurrency vulnerabilities are extremely harmful and can be frequently exploited to launch severe attacks. Due to the non-determinism of multithreaded executions, it is very difficult to detect them. Recently, data race detectors and techniques based on maximal casual model have been applied to detect concurrency vulnerabilities. However, the former are ineffective and the latter report many false negatives. In this paper, we present CONVUL, an effective tool for concurrency vulnerability detection. CONVUL is based on exchangeable events, and adopts novel algorithms to detect three major kinds of concurrency vulnerabilities. In our experiments, CONVUL detected 9 of 10 known vulnerabilities, while other tools only detected at most 2 out of these 10 vulnerabilities. The 10 vulnerabilities are available at https://github.com/mryancai/ConVul.

KW - Concurrency

KW - Vulnerabilities

UR - https://www.scopus.com/pages/publications/85078951827

U2 - 10.1109/ASE.2019.00125

DO - 10.1109/ASE.2019.00125

M3 - 会议稿件

AN - SCOPUS:85078951827

T3 - Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

SP - 1154

EP - 1157

BT - Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 10 November 2019 through 15 November 2019

ER -

Meng R, Zhu B, Yun H, Li H, Cai Y, Yang Z. CONVUL: An effective tool for detecting concurrency vulnerabilities. In Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 1154-1157. 8952233. (Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019). doi: 10.1109/ASE.2019.00125

CONVUL: An effective tool for detecting concurrency vulnerabilities

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this