Short Abstract: What This Is
While kernel drivers have long been known to pose huge security risks, due to their privileged access and lower code quality, bug-finding tools for drivers are still greatly lacking both in quantity and effectiveness. This is because the pointer-heavy code in these drivers presents some of the hardest challenges to static analysis, and their tight coupling with the hardware makes dynamic analysis infeasible in most cases.
We present DR.CHECKER, a soundy (i.e., mostly sound) bug-finding tool for Linux kernel drivers that is based on well-known program analysis techniques. We are able to overcome many of the inherent limitations of static analysis by scoping our analysis to only the most bug-prone parts of the kernel (i.e., the drivers), and by sacrificing soundness in only a very few cases to ensure that our technique is both scalable and precise. DR.CHECKER is a fully automated static analysis tool capable of performing general bug finding using both pointer and taint analyses that are flow-sensitive, context-sensitive, and field-sensitive on kernel drivers.
+ LLVM v3.8 or higher
+ cmake v3.2 or higher
+ python 2.7.x & git
git clone https://github.com/ucsb-seclab/dr_checker && cd dr_checker
python helper_scripts/setup_drchecker.py -o drchecker_deps
Running DR.CHECKER analysis
python helper_scripts/runner_scripts/run_all.py -h
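As an added example that is not part of the DR.CHECKER repository, the following POSIX shell script checks the prerequisites listed above (LLVM >= 3.8, cmake >= 3.2, python 2.7.x, git) before you run the setup script; it assumes the tools are on PATH under the names llvm-config, cmake, python and git.

```shell
#!/bin/sh
# Added example, not part of the DR.CHECKER repository: verify the prerequisites
# listed above before running helper_scripts/setup_drchecker.py. Assumes the
# tools are on PATH as llvm-config, cmake, python and git.

# version_ge A B: succeed if dotted version A >= B, comparing numerically
# component by component (so 3.10 > 3.8); non-numeric suffixes are ignored.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac=${a%%.*}; bc=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
        case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
        ac=${ac%%[!0-9]*}; bc=${bc%%[!0-9]*}
        [ "${ac:-0}" -gt "${bc:-0}" ] && return 0
        [ "${ac:-0}" -lt "${bc:-0}" ] && return 1
    done
    return 0
}

# python_ok VER: the requirements list python 2.7.x, so require the 2.7 series.
python_ok() {
    case $1 in 2.7|2.7.*) return 0 ;; *) return 1 ;; esac
}

# report NAME HAVE MIN STATUS: print one result line; fail if HAVE is empty
# (tool absent) or STATUS is non-zero (version check failed).
report() {
    if [ -z "$2" ]; then printf 'MISSING  %-6s (need %s)\n' "$1" "$3"; return 1; fi
    if [ "$4" -eq 0 ]; then printf 'OK       %-6s %s (need %s)\n' "$1" "$2" "$3"; return 0; fi
    printf 'BAD      %-6s %s (need %s)\n' "$1" "$2" "$3"; return 1
}

# check_prereqs: query each tool, report it, return 1 if anything is unusable.
check_prereqs() {
    rc=0
    llvm=$(llvm-config --version 2>/dev/null || true)
    cm=$(cmake --version 2>/dev/null | sed -n '1s/^cmake version //p')
    py=$(python --version 2>&1 | sed -n 's/^Python //p')
    gitv=$(git --version 2>/dev/null | sed -n 's/^git version //p')
    version_ge "$llvm" 3.8 && s=0 || s=1; report LLVM   "$llvm" ">= 3.8" $s || rc=1
    version_ge "$cm"   3.2 && s=0 || s=1; report cmake  "$cm"   ">= 3.2" $s || rc=1
    python_ok  "$py"       && s=0 || s=1; report python "$py"   "2.7.x"  $s || rc=1
    report git "$gitv" "any" 0 || rc=1
    return $rc
}

if check_prereqs; then echo "all prerequisites satisfied"
else echo "fix the items above before running setup_drchecker.py"; fi
```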