Title of invention: Automatic discovery of system integrity exposures in system code
Abstract: A technique is provided for detecting vulnerabilities in system code on a computer. Supervisor call routines and program call routines of the system code are analyzed to determine which are available to a caller program that is an unauthorized program and has a PSW key 8-15. Predefined input parameters are provided to test cases for use by the supervisor call routines and the program call routines in order to generate an output for analysis. The output is analyzed to determine when supervisor call routines and/or program call routines performed a potential vulnerability action. The potential vulnerability actions include reading from fetch protected storage, writing to system key (key 0-7) storage, and attempting to access unallocated storage while running with a PSW key 0-7.
Publication number: US8918885(B2) Publication date: 2014.12.23
Application number: US201213369481 Filing date: 2012.02.09
Applicant: International Business Machines Corporation Inventors: McClure James G.; Schmitz Karl D.; Spera Peter G.
Classification: G06F21/00 Main classification: G06F21/00
Agency: Cantor Colburn LLP Agents: Cantor Colburn LLP; Kinnaman, Jr. William A.
Principal claim: 1. A method for detecting vulnerabilities in system code on a computer, the method comprising: analyzing, by the computer, supervisor call routines and program call routines of the system code to determine the supervisor call routines and the program call routines that are available to a caller program, the caller program being an unauthorized program and having a program status word (PSW) key eight through fifteen; providing, by the computer, predefined input parameters of test cases for execution by each of the supervisor call routines and the program call routines in order to generate an output for analysis; and analyzing, by the computer, the output to determine when at least one of the supervisor call routines and the program call routines performed a potential vulnerability action, the potential vulnerability action comprising: reading from fetch protected storage when a register points to a bad key 8 parameter list with a bad pointer, by running the test cases in which the caller program causes one supervisor call routine or one program call routine to branch to the fetch protected storage related to the bad pointer of the bad key 8 parameter list during execution without abending; wherein the bad pointer in the bad key 8 parameter list is defined to be bad because the one supervisor call routine or the one program call routine branches, on behalf of the caller program having PSW key eight through fifteen, to the fetch protected storage protected by the PSW key zero through seven without abending; writing to system key storage having PSW key zero through seven by the one supervisor call routine or the one program call routine; giving control to the caller program of a program call routine or a supervisor call routine in an authorized state; unauthorizedly receiving control by the caller program in the PSW key zero through seven, by running the test cases in which the caller program causes the one supervisor call routine or the one program call routine to branch to the fetch protected storage related to the bad pointer of the bad key 8 parameter list during execution without abending; wherein unauthorizedly receiving control by the caller program in the PSW key zero through seven means that the caller program has gained control in an authorized state which corresponds to the PSW key zero through seven, when the caller program was initially in the unauthorized state which corresponds to the PSW key eight through fifteen; wherein control relates to the caller program invoking or calling the one supervisor call routine or the one program call routine.
Address: Armonk NY US