{"updated":"2025-01-19T14:58:00.482371+00:00","links":{},"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00218978","sets":["1164:1867:10898:10972"]},"path":["10972"],"owner":"44499","recid":"218978","title":["Linuxに適用可能なスケーラブルなUse-After-Free脆弱性の静的検出手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-07-20"},"_buckets":{"deposit":"c5f5ef98-e48e-4ed6-aa10-dae82f465cf0"},"_deposit":{"id":"218978","pid":{"type":"depid","value":"218978","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Linuxに適用可能なスケーラブルなUse-After-Free脆弱性の静的検出手法","author_link":["570556","570555","570557"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Linuxに適用可能なスケーラブルなUse-After-Free脆弱性の静的検出手法"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"メモリ","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2022-07-20","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"慶應義塾大学"},{"subitem_text_value":"慶應義塾大学"},{"subitem_text_value":"慶應義塾大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Keio University","subitem_text_language":"en"},{"subitem_text_value":"Keio University","subitem_text_language":"en"},{"subitem_text_value":"Keio University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/218978/files/IPSJ-OS22156004.pdf","label":"IPSJ-OS22156004.pdf"},"date":[{"dateType":"Available","dateValue":"2024-07-20"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-OS22156004.pdf","filesize":[{"value":"911.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"11"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"8bc0363e-bd5d-44e7-a3e5-31a4a3cff167","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"花井, 一輝"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"鈴木, 慶汰"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"河野, 健二"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10444176","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8795","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Linux は広く利用されており，2022 年現在，約 3000 万行のソースコードで構成される大規模なソフトウェアである．Linux にも脆弱性があることが知られており，過去 20 年間で 2500 件以上の CVE が発行されている．その中でも，Use-After-Free (UAF) の脆弱性は少なくなく不正攻撃に悪用される頻度も高い．実際に Linux の修正パッチを調査した結果，2010 年から 2021 年までの UAF に関連するパッチは 2,967 件を超えており，軽量な静的解析を行うことで検知可能なものが多く存在した．以上の分析に基づいて，本論文では，比較的単純な UAF に対象を限定しつつ，Linux のような大規模ソフトウェアにも適用できる静的検出手法を提案する．LLVM 用いて提案手法の実装を行い，Linux のカーネルバージョン 5.18-rc6 で解析を行った結果，既知の UAF 脆弱性だけでなく，少なくとも 1 件の UAF と，12 件の UAF と疑わしいコードを検出することができた．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"7","bibliographic_titles":[{"bibliographic_title":"研究報告システムソフトウェアとオペレーティング・システム（OS）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2022-07-20","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"4","bibliographicVolumeNumber":"2022-OS-156"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":218978,"created":"2025-01-19T01:19:19.138963+00:00"}