Research On Bug Detection For Memory Deallocation Of RUST

Together with the boost on malicious attack technology,the memory-safety threat exposed by the traditional unsafe language C / C ++ grows.Armed with the security protection measures outside the language cannot fundamentally solve the security problems brought by the unsafe language.In order to solve memory-safety issues of the program from the language level,in 2014,Mozilla developed and released the RUST language,which can be used to develop traditional command-line programs,Web applications,web servers,and embedded devices,etc.The program developed by RUST also has high performance and reliability.Although RUST relies on the ownership mechanism and lifetime mechanism to eliminate various memory-safety issues,and at the same time,there is no runtime overhead.But,RUST has to meet some special application scenarios(for example: effective memory access),there are also unsafe RUST code calls in the presence of safe RUST codes,these calls are often reflected in unsafe application interface(API)and foreign function interface(FFI),the implementation of these interfaces often lacks effective compile-time checking,which can lead to potential security flaws(undefined behaviors or memory safety issues),for example,the recent typical bugs in RUST such as CVE-2019-15551,CVE-2019-16880,etc.Such bugs cover the problem of use-after-free and double-free.As a consequence,detecting the above bugs before compiling the RUST program and enhancing the security of the RUST software system have become the hotspot issues in RUST programming.Due to the large differences in memory management and the causes of vulnerabilities between RUST and other languages,the static detection methods for memory deallocation flaws in other languages cannot be applied to RUST programs.And because RUST has just been promoted in the industry,the relevant theoretical researchs have not been fully carried out,so there is a lack of research on the static detection of RUST language bugs.Based on difficulties mentioned above,in this paper,we carry out the UAF and double-free static detection research for RUST language.By collecting and sorting out and analyzing the 10 RUST bugs regarding memory deallocation types(the most typical bugs are UAF and double-free)since 2018,we derive the common characteristics of UAF and double-free bugs.Then for UAF in RUST language,we propose a detection method named RUAFChecker(RUST Use-after-free Checker)based on the comparison of life scope of the reference and the owner of reference;for double-free in RUST language,we propose a detection method named RDFChecker(RUST Double-Free Checker)based on the detection of variable reference and related operations.In terms of implementation,we implement the prototype of the RUST memory deallocation bugs static detection system.Our evaluation results prove that the detection system can effectively detect use-after-free and double-free bugs,which achieves static protection for RUST program.The main contributions of this paper are:1.In this paper,we performed actual use-after-free and double-free vulnerabilities of RUST study.Through CVE information and related open source resources,we collected and collated 10 CVE vulnerabilities of RUST since 2018.Then,by analyzing the specific causes of vulnerabilities in the actual vulnerability codes,we summarized the common characteristics of use-after-free and double-free.2.In this paper,for UAF in RUST language,we proposed a use-after-free detection method named RUAFChecker based on the comparison of life scope of the reference and the owner of reference.Besides,we give out a strategy on identification of the reference and the owner of reference,as well as,we also give out a method on life scope computation of the reference and the owner of reference.3.In this paper,for double-free in RUST language,we proposed a double free detection method named RDFChecker based on variable reference analysis.Besides,we give out a strategy on variable reference detection and related operations detection.4.In this paper,we realized a prototype of the RUST memory deallocation bugs static detection system.Evaluaion results based on POC and RUST actual program test bed proved that the detection system can effectively check use-after-free bugs and double-free bugs and stop attacks by use of these vulnerabilities.Through comparative testing and further analysis and discussion of the detection system,our detection system has initially achieved more comprehensive memory-safety detection.