Syzballer: Kernel Fuzzing Based on Basic Block Weight and Multi-armed Bandit

Zhengyang Huang, Xuyan Song, Yifan Luo, Jun Yang, Baojiang Cui
DOI: 10.1109/ICCC56324.2022.10065711 (https://doi.org/10.1109/ICCC56324.2022.10065711)
Venue: 2022 IEEE 8th International Conference on Computer and Communications (ICCC)
Publication date: 2022-12-09
Citations: 0

Abstract

The Linux operating system is now extensively used on personal computers, cloud platforms, and enterprise servers, so the security of the Linux kernel has grown in importance. Several techniques, such as symbolic execution, data-flow analysis, and reinforcement learning, have been adapted for vulnerability discovery in recent years; among them, fuzzing is the most widely used. However, previous research has not considered how easily each basic block of kernel code can be reached, which means many high-risk vulnerabilities go undetected. To solve this problem, we present Syzballer, a hybrid fuzzer that combines multi-armed bandits with basic block weights, which are calculated by traversing the control flow graph generated from the kernel source code. First, we compile the kernel source code into LLVM bitcode and use the static analysis tool SVF to compute the weight of each basic block. Then we launch the fuzzer and load the weight file. Finally, a multi-armed bandit model is used to dynamically adjust task and seed selection. To verify the effectiveness of Syzballer, we compared it with the two most popular kernel fuzzers, Syzkaller and SyzVegas. Experiments demonstrate that Syzballer achieves improvements in code coverage and vulnerability detection.