Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection [conference paper]

Conference

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security - October 30, 2020

Authors

Aditya Pakki (Ph.D. student), Kangjie Lu (assistant professor)

Abstract

Operating system (OS) kernels frequently encounter various errors due to invalid internal states or external inputs. To ensure the security and reliability of OS kernels, developers propose a diverse set of mechanisms to conservatively capture and handle potential errors. Existing research has thus primarily focused on the completeness and adequacy of error handling, so that no error escapes attention. However, we find that handling an error with an over-severe level (e.g., unnecessarily terminating the execution) instead hurts security and reliability. In this case, the consequences of the error handling are even worse than the error it attempts to resolve. We call such a case Exaggerated Error Handling (EEH). The security impacts of EEH bugs vary, including denial-of-service, data losses, broken control-flow integrity, memory leaks, etc. Despite its significance, detecting EEH remains an unexplored topic.

Link to full paper

Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection

Keywords

security
