{"title":"通过有针对性的系统调用模糊测试提高HPC安全性","authors":"Vincent M. Weaver","doi":"10.1109/S-HPC56715.2022.00006","DOIUrl":null,"url":null,"abstract":"All modern computer systems, including supercomputers, are vulnerable to a wide variety of security exploits. Performance analysis tools are an often overlooked source of vulnerabilities. Performance measurement interfaces can have security issues that lead to information leakage, denial of service attacks, and possibly even full system compromise. Desktop systems can mitigate risk by disabling performance interfaces, but that is not always possible on HPC systems where performance (and thus measurement) is paramount. We investigate various ways of finding security issues in the performance measurement stack. We introduce the perf_fuzzer, a tool that methodically finds bugs in the Linux perf_event_open () system call. We also discuss the perf_data_fuzzer which looks for userspace bugs in the perf analysis tool. We describe the development of the fuzzing tools, examine the bugs found, and discuss ways to prevent such bugs from occurring in the future.","PeriodicalId":293834,"journal":{"name":"2022 IEEE/ACM First International Workshop on Cyber Security in High Performance Computing (S-HPC)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Improving HPC Security with Targeted Syscall Fuzzing\",\"authors\":\"Vincent M. Weaver\",\"doi\":\"10.1109/S-HPC56715.2022.00006\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"All modern computer systems, including supercomputers, are vulnerable to a wide variety of security exploits. Performance analysis tools are an often overlooked source of vulnerabilities. Performance measurement interfaces can have security issues that lead to information leakage, denial of service attacks, and possibly even full system compromise. Desktop systems can mitigate risk by disabling performance interfaces, but that is not always possible on HPC systems where performance (and thus measurement) is paramount. We investigate various ways of finding security issues in the performance measurement stack. We introduce the perf_fuzzer, a tool that methodically finds bugs in the Linux perf_event_open () system call. We also discuss the perf_data_fuzzer which looks for userspace bugs in the perf analysis tool. We describe the development of the fuzzing tools, examine the bugs found, and discuss ways to prevent such bugs from occurring in the future.\",\"PeriodicalId\":293834,\"journal\":{\"name\":\"2022 IEEE/ACM First International Workshop on Cyber Security in High Performance Computing (S-HPC)\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE/ACM First International Workshop on Cyber Security in High Performance Computing (S-HPC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/S-HPC56715.2022.00006\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE/ACM First International Workshop on Cyber Security in High Performance Computing (S-HPC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/S-HPC56715.2022.00006","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Improving HPC Security with Targeted Syscall Fuzzing
All modern computer systems, including supercomputers, are vulnerable to a wide variety of security exploits. Performance analysis tools are an often overlooked source of vulnerabilities. Performance measurement interfaces can have security issues that lead to information leakage, denial of service attacks, and possibly even full system compromise. Desktop systems can mitigate risk by disabling performance interfaces, but that is not always possible on HPC systems where performance (and thus measurement) is paramount. We investigate various ways of finding security issues in the performance measurement stack. We introduce the perf_fuzzer, a tool that methodically finds bugs in the Linux perf_event_open () system call. We also discuss the perf_data_fuzzer which looks for userspace bugs in the perf analysis tool. We describe the development of the fuzzing tools, examine the bugs found, and discuss ways to prevent such bugs from occurring in the future.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
