Abstract:
Device drivers are lower level computer programs, which allow higher level computer programs to interact with hardware devices. Commonly, vulnerabilities in device drivers would be more devastating than that in applications. “Writing tainted value to tainted address” is a kind of vulnerability pattern, frequently existing in Windows device driver programs. In this paper, we first time describe this kind of vulnerability pattern in so many words, present a systematic method to detect it in binary Windows device driver programs automatically, and implement our method in a prototype tool called T2T-B2C. The method bases on de-compiling and static taints analysis technologies. Compared with other methods, our method could analyze native binary code as well as C code. Accordingly, T2T-B2C consists of two components called T2T and B2C respectively. Firstly, B2C translates binary files to C files by de-compiling; and then T2T uses static taint analysis technology to detect the vulnerable statement, which is writing tainted value to tainted address in the C code that B2C produced. We evaluate T2T-B2C with binary device drivers of several Windows anti-virus programs, and find 6 uncovered vulnerabilities. The results show that T2T-B2C is an applied vulnerability detecting tool that could be scalable to large programs.