Alexander Bulekov, Bandan Das, Stefan Hajnoczi, Manuel Egele
{"title":"没有语法,没有问题:在没有系统调用描述的情况下模糊Linux内核","authors":"Alexander Bulekov, Bandan Das, Stefan Hajnoczi, Manuel Egele","doi":"10.14722/ndss.2023.24688","DOIUrl":null,"url":null,"abstract":"—The integrity of the entire computing ecosystem depends on the security of our operating systems (OSes). Unfortunately, due to the scale and complexity of OS code, hundreds of security issues are found in OSes, every year [32]. As such, operating systems have constantly been prime use-cases for applying security-analysis tools. In recent years, fuzz-testing has appeared as the dominant technique for automatically finding security issues in software. As such, fuzzing has been adapted to find thousands of bugs in kernels [14]. However, modern OS fuzzers, such as Syzkaller, rely on precise, extensive, manually-created harnesses and grammars for each interface fuzzed within the kernel. Due to this reliance on grammars, current OS fuzzers are faced with scaling-issues. In this paper, we present F UZZ NG, our generic approach to fuzzing system-calls on OSes. Unlike Syzkaller, F UZZ NG does not require intricate descriptions of system-call interfaces in order to function. Instead F UZZ NG leverages fundamental kernel design features in order to reshape and simplify the fuzzer’s input-space. As such F UZZ NG only requires a small config, for each new target: essentially a list of files and system-call numbers the fuzzer should explore.","PeriodicalId":199733,"journal":{"name":"Proceedings 2023 Network and Distributed System Security Symposium","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions\",\"authors\":\"Alexander Bulekov, Bandan Das, Stefan Hajnoczi, Manuel Egele\",\"doi\":\"10.14722/ndss.2023.24688\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"—The integrity of the entire computing ecosystem depends on the security of our operating systems (OSes). Unfortunately, due to the scale and complexity of OS code, hundreds of security issues are found in OSes, every year [32]. As such, operating systems have constantly been prime use-cases for applying security-analysis tools. In recent years, fuzz-testing has appeared as the dominant technique for automatically finding security issues in software. As such, fuzzing has been adapted to find thousands of bugs in kernels [14]. However, modern OS fuzzers, such as Syzkaller, rely on precise, extensive, manually-created harnesses and grammars for each interface fuzzed within the kernel. Due to this reliance on grammars, current OS fuzzers are faced with scaling-issues. In this paper, we present F UZZ NG, our generic approach to fuzzing system-calls on OSes. Unlike Syzkaller, F UZZ NG does not require intricate descriptions of system-call interfaces in order to function. Instead F UZZ NG leverages fundamental kernel design features in order to reshape and simplify the fuzzer’s input-space. As such F UZZ NG only requires a small config, for each new target: essentially a list of files and system-call numbers the fuzzer should explore.\",\"PeriodicalId\":199733,\"journal\":{\"name\":\"Proceedings 2023 Network and Distributed System Security Symposium\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 2023 Network and Distributed System Security Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.14722/ndss.2023.24688\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2023 Network and Distributed System Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/ndss.2023.24688","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions
—The integrity of the entire computing ecosystem depends on the security of our operating systems (OSes). Unfortunately, due to the scale and complexity of OS code, hundreds of security issues are found in OSes, every year [32]. As such, operating systems have constantly been prime use-cases for applying security-analysis tools. In recent years, fuzz-testing has appeared as the dominant technique for automatically finding security issues in software. As such, fuzzing has been adapted to find thousands of bugs in kernels [14]. However, modern OS fuzzers, such as Syzkaller, rely on precise, extensive, manually-created harnesses and grammars for each interface fuzzed within the kernel. Due to this reliance on grammars, current OS fuzzers are faced with scaling-issues. In this paper, we present F UZZ NG, our generic approach to fuzzing system-calls on OSes. Unlike Syzkaller, F UZZ NG does not require intricate descriptions of system-call interfaces in order to function. Instead F UZZ NG leverages fundamental kernel design features in order to reshape and simplify the fuzzer’s input-space. As such F UZZ NG only requires a small config, for each new target: essentially a list of files and system-call numbers the fuzzer should explore.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
