No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions

Bulekov, Alexander; Das, Bandan; Hajnoczi, Stefan; Egele, Manuel

doi:10.14722/ndss.2023.24688

Cited by 5 publications

(14 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, Nyx uses grammar rules to specify the structure of the target emulated devices. Relying on manual input grammars per device requires manual work to specify grammar rules [16], thereby several studies record the interactions between the guest operating system and the device [16]- [19]. Henderson et al [17] selectively instrument the code of a given virtual device, and perform a record and replay of the only memory-mapped I/O (MMIO) activity of the virtual device in QEMU.…”

Section: B Device Virtualization Testingmentioning

confidence: 99%

“…Henderson et al [17] selectively instrument the code of a given virtual device, and perform a record and replay of the only memory-mapped I/O (MMIO) activity of the virtual device in QEMU. VShutlle, Morphuzz, and MundoFuzz [16], [18], [19] fuzz the entire emulated device input interface including DMA interactions. Contrary to MMIO and PIO interactions that call the hypervisor intervention interrupting the VM (VM exit), the DMA does not interrupt the VM.…”

Section: B Device Virtualization Testingmentioning

confidence: 99%

“…Contrary to MMIO and PIO interactions that call the hypervisor intervention interrupting the VM (VM exit), the DMA does not interrupt the VM. Indeed, both the work [18], [19] instrument the DMA API of the Hypervisor to target the dynamic memory regions where the DMA is working. Instead, MundoFuzz [16] collects IO instructions and DMA operations within the guest operating system without hypervisor instrumentation.…”

Section: B Device Virtualization Testingmentioning

confidence: 99%

“…Existing hypervisor fuzzing solutions fall short when targeting hardware-assisted virtualization, for the following reasons. First, state-of-the-art fuzzers mostly target I/O virtualization [15]- [19], starting from the same VM state, thus leaving behind the vCPU abstraction, which is the core of hardwareassisted hypervisors. Second, current studies are facing serious issues related to seed generation, which range from the building of a valid VM state to start the fuzzing [20], [21] to the generation of valid seeds to be corrupted to accelerate the fuzzing, which may require the use of an ad-hoc OS within VM [15], [22], up to manually constructed seeds [20], [21], [23], [24].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

Cesarano¹,

Cinque²,

Cotroneo³

et al. 2023

Preprint

View full text Add to dashboard Cite

Nowadays, industries are looking into virtualization as an effective means to build safe applications, thanks to the isolation it can provide among virtual machines (VMs) running on the same hardware. In this context, a fundamental issue is understanding to what extent the isolation is guaranteed, despite possible (or induced) problems in the virtualization mechanisms. Uncovering such isolation issues is still an open challenge, especially for hardware-assisted virtualization, since the search space should include all the possible VM states (and the linked hypervisor state), which is prohibitive. In this paper, we propose IRIS, a framework to record (learn) sequences of inputs (i.e., VM seeds) from the real guest execution (e.g., OS boot), replay them as-is to reach valid and complex VM states, and finally use them as valid seed to be mutated for enabling fuzzing solutions for hardware-assisted hypervisors. We demonstrate the accuracy and efficiency of IRIS in automatically reproducing valid VM behaviors, with no need to execute guest workloads. We also provide a proof-of-concept fuzzer, based on the proposed architecture, showing its potential on the Xen hypervisor.

show abstract

Section: B Device Virtualization Testingmentioning

confidence: 99%

Section: B Device Virtualization Testingmentioning

confidence: 99%

Section: B Device Virtualization Testingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

Cesarano¹,

Cinque²,

Cotroneo³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…1. We notice some attack surface reduction works at the system call level for application scenarios other than Node.js [21][22][23][24][25][26][27][28][29]. However, such low level protection is currently missing for Node.js and several unique challenges are to be properly addressed.…”

Section: Introductionmentioning

confidence: 99%

Learning ability of top university students in China: Shanghai Jiao Tong University as a case study

Wang

2022

SN Soc Sci

View full text Add to dashboard Cite

The network illustrates the interrelationships among diverse entities and has attracted considerable attention. A wide range of applications makes the network a popular modeling tool, including but not limited to social networks [1], business administration [2], and city construction [3]. In these fields, quantifying network value is essential. By examining network value, companies gain insights into consumer behavior, allowing them to refine marketing strategies accordingly [4]. Similarly, investigating network value can assist urban planners in better understanding the utilization and demands for public facilities, ultimately optimizing city construction [5]. To better understand network value, researchers have established some influential laws that describe network value in terms of the number of neighbors, edges, and subgraphs.Sarnoff 's Law. In the 1940s, David Sarnoff proposed that the value of a broadcasting network is directly proportional to the number of nodes (audience), which is also known as Sarnoff's law [6]. For example, in the case of TV programs, the network value increases linearly with the number of the audience, because the growing number of audiences allows advertisers to access more potential customers. This results in more advertisers, increased revenues, and higher broadcast media demand. Formally, for a network with n nodes, the communication value is Θ(n). This law was initially applied to the film industry, later extended to television, and usually represents one-way communication. Broadcasting can only transmit messages unidirectionally to users, but cannot spread information within users.Metcalfe's Law. With the conferral of the Turing Award on Robert Metcalfe in 2022, Metcalfe's law[7] has regained attention. Metcalfe's law was proposed on the background of the increasing number of Ethernet users and growing attention to the interconnection value of networks. Metcalfe argues that if the value of each node (terminal) is equal, the value of a network is proportional to the number of edges. One of the classic illustrations of Metcalfe's law lies in communication networks, where a network with n users can provide interconnection value proportional to approximately n 2 , i.e. Θ(n 2 ), as each user can communicate with the other n − 1 users in the network. Despite the many challenges associated with the development of the network, such as network scale, connection quality, and network design, Metcalfe's law remains applicable in some scenarios, especially in the field of cloud computing [8]. The increasing number of cloud computing users leads to the availability of more resources, which in turn attracts additional users, creating a virtuous cycle of growth. As a theory for describing the interconnection value of networks, Metcalfe's law is held in high regard and possesses significant implications for communication networks, the Internet, and social networks.Reed's Law. In 2000, David Reed proposed Reed's law [9] for group-forming networks (GFNs). He argued that network value depends not ...

show abstract

SoK: Prudent Evaluation Practices for Fuzzing

Schloegel,

Bars,

Schiller

et al. 2024

2024 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions

Cited by 5 publications

References 0 publications

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

Learning ability of top university students in China: Shanghai Jiao Tong University as a case study

SoK: Prudent Evaluation Practices for Fuzzing

Contact Info

Product

Resources

About