Research area: Strategies
Venue: ACM Transactions on Software Engineering and Methodology
File access vulnerabilities (FAVs) are one type of security weakness arising from adversary manipulations of file access inputs, posing significant threats to system integrity. Despite their prevalence, FAVs remain underexplored due to limited understanding, complex triggering scenarios, and stealthy and diverse manifestations; these challenges render current detection approaches incomplete and inaccurate. To this end, we conducted an in-depth empirical study across 204 file-related CVEs, uncovering the root cause and trigger mechanisms of FAVs. Based on these findings, we propose an exhaustive accessing model and a specialized threat model that define the Adversary and Attack Surface for FAVs, enabling systematic attribution and analysis of file operations. Furthermore, we propose FAVDisco, a novel framework for discovering FAVs by mutating, triggering, and analyzing file operations. It employs a File Mutator to simulate diverse execution scenarios and a FAV Checker that integrates a model-based adversary controllable checker with pattern-based detection rules to identify FAVs. Implemented on Windows, FAVDisco achieves remarkable performance with 92.1% precision and 83.3% recall on the disclosed FAV detection task, outperforming state-of-the-art methods. Moreover, it uncovers 13 zero-day FAVs in 10 widely-used services, with 6 assigned new CVEs and earning a reward of $29,000 from Microsoft Security Response Center.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, Austria |
| Site | ACM |