CVE Analyzer for our KACV Study

Intro

We developed a CVE analyzer for our study on Kernel Access Control Vulnerabilities (KACVs). It collects the CVE reports related to KACVs from the National Vulnerability Database and generates statistical results to help researchers understand the root causes and security impacts of KACVs. The results are shown in Section 2 of our paper "ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities".

Setup

Python Execution Environment

Our tool is implemented in Python 3.8 with a few common packages (numpy, matplotlib, pickle, etc.). We suggest using the Anaconda 3 package distribution, which includes all the required packages.

Linux Kernel Repo

Our tool requires the Linux kernel repo to collect the commits/patches associated with KACVs. This can be obtained by running the following script from the root folder of our repo:

mkdir kernel
cd kernel
git clone https://github.com/torvalds/linux.git

The CVE-Search Tool (Optional)

The CVE-Search tool is used to collect CVE reports associated with KACVs. To help users easily reproduce the results shown in our study, we have saved all collected CVE reports in data/cves.pickle, which is loaded automatically by our tool. However, if you want to recollect the CVE reports, the CVE-Search tool is required. To do so, clone the CVE-Search repo from the root folder of our repo (the command is given below).

git clone https://github.com/cve-search/cve-search.git

Then follow the CVE-Search instructions to install the dependencies, such as MongoDB and Redis, and to download the CVE dataset. Note that it could take several hours to download the full CVE dataset.
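Because data/cves.pickle is a pickle file and unpickling can import and call arbitrary objects named in the file, a copy obtained from anywhere other than this repo can be checked with a restricted unpickler before analyzer.py loads it. The following is an added example, not code from this repo; it assumes the reports are stored as plain built-in containers and primitives, and the names RestrictedUnpickler, safe_load, safe_load_file and try_load, as well as the sample records, are constructed for illustration.

```python
import io
import pickle
from fractions import Fraction

# Assumption: the CVE reports are plain built-in containers and primitives.
# dict, list, tuple, str, int and float never reach find_class at all, so the
# allow-list only needs the built-ins that older pickle protocols look up by name.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    """Unpickle bytes, rejecting any reference to a non-allow-listed global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_load_file(path):
    """Same check for a file on disk, e.g. data/cves.pickle."""
    with open(path, "rb") as fh:
        return RestrictedUnpickler(fh).load()


def try_load(data: bytes):
    """Return (True, obj) on success or (False, reason) when a global is blocked."""
    try:
        return True, safe_load(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs (not taken from the real data file).
SAMPLE_REPORTS = [{"id": "CVE-0000-0000", "cvss3": 7.8, "summary": "constructed record"}]
GOOD = pickle.dumps(SAMPLE_REPORTS)
# A harmless object whose pickle references a global (fractions.Fraction);
# it stands in for any file that asks the loader to import something.
NEEDS_GLOBAL = pickle.dumps(Fraction(1, 2))

if __name__ == "__main__":
    print(try_load(GOOD))
    print(try_load(NEEDS_GLOBAL))
```

If the real file is rejected, the error message names the module and class it needs, which can then be reviewed and added to the allow-list.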

Usage

Basic Feature

To reproduce the results of our study, just run our Python program using the following command:

python3 analyzer.py

Our tool generates figures containing all the results of our study, which are saved in the fig folder. In detail, fig/study1.pdf shows the number of CVE reports related to KACVs from 2010 to 2020; fig/study2.pdf shows the three categories of KACVs based on the identified root causes; fig/study3.pdf shows the vulnerability severity of KACV-M and KACV-I, measured in CVSS v3.0 ratings; fig/study4.pdf shows the statistics of the security threats caused by KACV-M and KACV-I. These figures are presented in Section 2 of our paper.

Advanced Features

Besides generating the above four figures, our tool can report additional results, as described below.

Recollect CVE Reports

Assuming the CVE-Search tool and the full CVE dataset have been installed during the experimental setup stage, you can recollect the CVE reports by running the following command:

python3 analyzer.py --cvesearch

Tip: before running the above command, please back up the data/cves.pickle file, as it will be overwritten by the newly collected CVE reports.

Download Exploits

To get the exploits of the CVEs for further study, just run the following command:

python3 analyzer.py --exploits

The exploits available at exploit-db.com will be downloaded to the exploits folder. Our tool can currently find only a small portion of exploits. In the future, we will improve it to support more exploit sources.

KACV Distribution associated with Subsystems

To help researchers understand the distribution of KACVs, our tool is able to count the KACVs for common kernel subsystems:

python3 analyzer.py --subsystems

A figure called fig/other1.pdf is then generated for your reference.