Cross-Architecture Testing for Compiler-Introduced Security Bugs
There is a gap between correct compilation and secure compilation. Compared to just testing correctness, testing the security of compiled programs is harder for three reasons. First, the introduced security bugs tend to be silent, so that they may not be observable when we run the compiled programs. Second, the optimizations of compilers have become extremely complicated, it is hard to verify or validate their security. Third, the occurrences of security bugs also depend on environments such as the architecture; only analyzing the optimizations themselves may not reveal the bugs. The silent security bugs introduced by compilers, once triggered, can incur critical impacts and hide in the programs for a long time. Therefore,it is important to develop a new approach that can effectively discover the security bugs introduced by compilers.
In this paper, we propose a new approach—cross-arch testing—that automatically discovers compiler-introduced security bugs, without the need of understanding the complicated optimization logic or modeling the environments.The idea is based on an observation that today’s compilers have supported many architectures. For example, the Linux kernel can be compiled for more than 25 different architectures. The significant number of architectures allows us to cross-check the compilation security. In particular, some optimizations strategies and the implementations for different architectures are mainly independent. However, in most cases, the compilation results regarding security-related states should be consistent. If the optimization of a specific architecture handles security-related states differently, we report it as a potential security bug. That is, we identify security-related deviations across the architectures as insecure compilation. We plan to apply our testing to widely used multi-architecture software like the Linux kernel, and expect to discover previously-unknown insecure compilation cases.