Code pruning is prevalent in IoT kernels. We present CPscan, a system for automatically detecting bugs caused by code pruning in IoT kernels. First, using a new graph-based approach that iteratively performs structure-aware basic-block matching, CPscan precisely and efficiently identifies the security operations that were deleted from an IoT kernel. Then, CPscan infers the security impact of a deleted security operation by comparing the bounded use chain. CPscan can thus help automatically identify bugs caused by the deletion of security operations in OS kernels.
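As an added illustration of the two steps just described (this is not CPscan's own code, which works on LLVM bitcode): a toy Python model that first matches basic blocks by shape rather than by name, starting from the entry pair and looking past blocks that have no counterpart, and then reports a deleted check only when the value it guarded still flows into a sink in the pruned variant. The CFG encoding, the `entry` block name, the sample function and the sink names are assumptions of this example.

```python
# CFG: block name -> (instructions, successors); an instruction is a tuple
# (opcode, *operands). The sink names are assumed for this constructed example.
SENSITIVE_CALLS = {"memcpy", "copy_from_user"}

def opcode_sig(block):              # compare shape, never block names
    return tuple(i[0] for i in block[0])

def match_blocks(orig, pruned):
    """Walk successor edges from the entry pair; an unmatched original counts as deleted."""
    matched, worklist = {"entry": "entry"}, ["entry"]
    while worklist:
        a = worklist.pop()
        frontier, cands, seen = list(orig[a][1]), pruned[matched[a]][1], set()
        while frontier:
            sa = frontier.pop()
            if sa in matched or sa in seen:
                continue
            seen.add(sa)
            hit = next((sb for sb in cands if sb not in matched.values()
                        and opcode_sig(orig[sa]) == opcode_sig(pruned[sb])), None)
            if hit is None:
                frontier.extend(orig[sa][1])  # look past the deleted block
            else:
                matched[sa] = hit
                worklist.append(sa)
    return matched

def deleted_security_ops(orig, pruned):  # security op here: a bound check (icmp)
    matched = match_blocks(orig, pruned)
    return [(b, i) for b, (insts, _) in orig.items() if b not in matched
            for i in insts if i[0] == "icmp"]

def sensitive_uses(cfg, var):       # toy bound for the use chain: whole function
    return {(b, i[1]) for b, (insts, _) in cfg.items() for i in insts
            if i[0] == "call" and i[1] in SENSITIVE_CALLS and var in i[2:]}

def security_impact(orig, pruned):
    """A deleted check matters only if a value it guarded still reaches a sink."""
    return [(blk, inst, var, kept) for blk, inst in deleted_security_ops(orig, pruned)
            for var in inst[1:]
            if (kept := sensitive_uses(pruned, var) & sensitive_uses(orig, var))]

# Constructed sample: upstream bounds `len` before memcpy; A pruned only the check, B the whole copy path.
ORIG = {"entry": ([("load", "len"), ("br", "check")], ["check"]),
        "check": ([("icmp", "len", "MAX"), ("br", "copy", "fail")], ["copy", "fail"]),
        "copy": ([("call", "memcpy", "buf", "src", "len"), ("ret",)], []),
        "fail": ([("ret",)], [])}
PRUNED_CHECK_ONLY = {"entry": ([("load", "len"), ("br", "copy")], ["copy"]),
                     "copy": ([("call", "memcpy", "buf", "src", "len"), ("ret",)], [])}
PRUNED_WHOLE_PATH = {"entry": ([("load", "len"), ("br", "fail")], ["fail"]),
                     "fail": ([("ret",)], [])}
```

`security_impact(ORIG, PRUNED_CHECK_ONLY)` flags the removed `icmp` because `len` still reaches `memcpy`, while `security_impact(ORIG, PRUNED_WHOLE_PATH)` returns an empty list because the use chain disappeared together with the check.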
wget --no-check-certificate -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
add-apt-repository 'deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main'
sudo apt update
sudo apt-get install llvm-10 lldb-10 llvm-10-dev libllvm10 llvm-10-runtime clang-10
sudo apt install libomp-dev # better to pin a specific version
sudo apt-get install libboost-all-dev
See CMakeLists.txt.
cd Kanalyzer
mkdir build && cd build
cmake ..
make
- boost_1_72_0
- openmpi
- llvm
$ cd llvm
$ ./build-llvm.sh
# The installed LLVM is of version 10.0.0
# Build the analysis pass of CPscan
$ cd ../analyzer
$ make
# Now, you can find the executable, `kanalyzer`, in `build/lib/`
- The code should be compiled with the built LLVM
- Compile the code with options: -O0 or -O2, -g, -fno-inline
# To analyze a single bitcode file, say "test.bc", run:
$ ./build/lib/kanalyzer -sc test.bc
# To analyze a list of bitcode files, put the absolute paths of the bitcode files in a file, say "bc.list", then run:
$ ./build/lib/kanalyzer -sc @bc.list