Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection [conference paper]
Conference
Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security - October 30, 2020
Authors
Aditya Pakki (Ph.D. student), Kangjie Lu (assistant professor)
Abstract
Operating system (OS) kernels frequently encounter various errors due to invalid internal states or external inputs. To ensure the security and reliability of OS kernels, developers propose a diverse set of mechanisms to conservatively capture and handle potential errors. Existing research has thus primarily focused on the completeness and adequacy of error handling to not miss the attention. However, we find that handling an error with an over-severe level (e.g., unnecessarily terminating the execution) instead hurts the security and reliability. In this case, the error-handling consequences are even worse than the error it attempts to resolve. We call such a case Exaggerated Error Handling (EEH). The security impacts of EEH bugs vary, including denial-of-service, data losses, broken control-flow integrity, memory leaks, etc. Despite its significance, detecting EEH remains an unexplored topic.
Keywords
security