Reverse-Engineering Drivers for Safety and Portability

Device drivers today lack two important properties: guaranteed safety and cross-platform portability. We present an approach to incrementally achieving these properties in drivers, without requiring any changes to either the drivers or the operating system kernels. We describe RevEng, a tool for automatically reverse-engineering a binary driver and synthesizing a new, safe and portable driver that mimics the original one. The operating system kernel runs the trusted synthetic driver instead of the original, thus avoiding giving untrusted driver code kernel privileges. Initial results are promising: we reverse-engineered the basic functionality of network drivers in Linux and Windows based solely on their binaries, and we synthesized safe drivers for Linux. We hope RevEng will eventually persuade hardware vendors to provide verifiable formal specifications instead of binary drivers; such specifications can be used to automatically synthesize safe drivers for every desired platform.
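The security point of the abstract is that the kernel never executes the vendor's binary; it executes a trusted driver whose hardware interactions are derived from the original and are checked by construction. The following is an added illustrative model of that idea, written for this page; it is not RevEng's code and says nothing about how RevEng actually represents or synthesizes drivers. It assumes a hypothetical representation in which a driver's observed hardware accesses are a table of register operations, and a small trusted executor validates every access (bounds and alignment against the device window) before performing it. The register offsets, the 256-byte MMIO window and both specs are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for a device's memory-mapped register window (e.g. a PCI BAR). */
#define BAR_SIZE 256u
static uint8_t mmio[BAR_SIZE];

/* Hypothetical operations a recovered driver spec may contain. */
enum spec_op { SPEC_WRITE32, SPEC_READ32_EXPECT };

struct spec_step {
    enum spec_op op;
    uint32_t off;    /* byte offset into the device window */
    uint32_t value;  /* value to write, or value expected on read */
};

enum spec_err { SPEC_OK = 0, SPEC_EBOUNDS = -1, SPEC_EALIGN = -2, SPEC_EMISMATCH = -3 };

/* Every access is validated here, before it can touch memory: an offset outside the
 * window or a misaligned 32-bit access is refused instead of becoming a wild write. */
static int check_access(uint32_t off)
{
    if (off > BAR_SIZE - 4u) return SPEC_EBOUNDS;
    if (off & 3u)            return SPEC_EALIGN;
    return SPEC_OK;
}

static uint32_t rd32(uint32_t off) { uint32_t v; memcpy(&v, mmio + off, 4); return v; }
static void     wr32(uint32_t off, uint32_t v) { memcpy(mmio + off, &v, 4); }

/* Trusted executor: runs a spec step by step, stopping at the first refused or
 * unexpected access. Returns SPEC_OK or the error code; *done gets the index of the
 * step at which execution stopped (== n on success). */
int run_spec(const struct spec_step *s, size_t n, size_t *done)
{
    for (size_t i = 0; i < n; i++) {
        int rc = check_access(s[i].off);
        if (rc != SPEC_OK) { if (done) *done = i; return rc; }
        switch (s[i].op) {
        case SPEC_WRITE32:
            wr32(s[i].off, s[i].value);
            break;
        case SPEC_READ32_EXPECT:
            if (rd32(s[i].off) != s[i].value) { if (done) *done = i; return SPEC_EMISMATCH; }
            break;
        }
    }
    if (done) *done = n;
    return SPEC_OK;
}

/* Constructed "reset" sequence, as one might recover from observing a NIC driver:
 * write a control register, mask interrupts, then confirm the control value stuck. */
static const struct spec_step nic_reset_spec[] = {
    { SPEC_WRITE32,        0x00, 0x04000000u },  /* hypothetical CTRL.RST bit */
    { SPEC_WRITE32,        0x0c, 0x00000000u },  /* hypothetical interrupt mask = 0 */
    { SPEC_READ32_EXPECT,  0x00, 0x04000000u },
};

/* A spec whose third step reaches past the window; a raw binary driver could perform
 * this write, the executor refuses it and reports which step was bad. */
static const struct spec_step bad_spec[] = {
    { SPEC_WRITE32, 0x00, 0x1u },
    { SPEC_WRITE32, 0x08, 0x2u },
    { SPEC_WRITE32, 0x1000, 0xdeadbeefu },
};

int demo_good(size_t *done) { memset(mmio, 0, sizeof mmio); return run_spec(nic_reset_spec, 3, done); }
int demo_bad(size_t *done)  { memset(mmio, 0, sizeof mmio); return run_spec(bad_spec, 3, done); }
uint32_t mmio_read32(uint32_t off) { return rd32(off); }

int main(void)
{
    size_t done;
    printf("reset spec: rc=%d after %zu steps\n", demo_good(&done), done);
    printf("bad spec:   rc=%d after %zu steps\n", demo_bad(&done), done);
    return 0;
}
```

The shape to notice is that the untrusted artifact (the spec) carries no code at all; only the executor runs with kernel privilege, and it is the same small, reviewable routine for every device. Porting then means re-targeting the executor's `rd32`/`wr32` to another kernel's I/O primitives, not porting the vendor's logic.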
