CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers

Tianshi MU, Huabing ZHANG, Jian WANG, Huijuan LI
2021 IEICE transactions on information and systems  
We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring the driver code.  ...  CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for the interfaces.  ...  To show the effectiveness of the proposed interface recovery method, we compare the recovery result of CoLaFUZE against the result of DIFUZE, an interface-aware kernel fuzzing tool.  ... 
doi:10.1587/transinf.2021ngp0005 fatcat:lzvdg2zvljhurmfxot3sdqcj6q

Unicorefuzz: On the Viability of Emulation for Kernelspace Fuzzing

Dominik Maier, Benedikt Radtke, Bastian Harren
2019 Workshop on Offensive Technologies  
This is especially true for code that cannot run as part of a userland process on desktop operating systems, for example device drivers and kernel components.  ...  Emulator-based fuzzing of kernel code is not very complex to set up and can even be used to fuzz operating systems and devices for which no source code is available.  ...  Acknowledgments The authors wish to thank Vincent Ulitzsch, Fabian Freyer and Marius Muench for valuable input.  ... 
dblp:conf/woot/MaierRH19 fatcat:7w3iot2qfzhkxhwtwnzu5bqdx4

USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation

Hui Peng, Mathias Payer
2020 USENIX Security Symposium  
This interface exposes the OS kernels and device drivers to attacks by malicious devices.  ...  We present USBFuzz, a portable, flexible, and modular framework for fuzz testing USB drivers.  ...  Acknowledgments We thank our shepherd and the anonymous reviewers for their insightful comments.  ... 
dblp:conf/uss/PengP20 fatcat:lhbie4js5ja53g3k23vhvp63sa

Fuzzing Error Handling Code in Device Drivers Based on Software Fault Injection

Zu-Ming Jiang, Jia-Ju Bai, Julia Lawall, Shi-Min Hu
2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE)
During driver execution, by analyzing runtime information, it automatically fuzzes error-site sequences for fault injection to improve code coverage.  ...  Device drivers remain a main source of runtime failures in operating systems. To detect bugs in device drivers, fuzzing has been commonly used in practice.  ...  ACKNOWLEDGMENT We would like to thank the Linux driver developers who gave helpful feedback on our bug reports.  ... 
doi:10.1109/issre.2019.00022 dblp:conf/issre/JiangBL019 fatcat:xhnjoxocmvaxdjbvtxaefi24iq

FuzzGen: Automatic Fuzzer Generation

Kyriakos K. Ispoglou, Daniel Austin, Vishwath Mohan, Mathias Payer
2020 USENIX Security Symposium  
FuzzGen leverages a whole system analysis to infer the library's interface and synthesizes fuzzers specifically for that library.  ...  Fuzzing is a testing technique to discover unknown vulnerabilities in software.  ...  Acknowledgments We thank our shepherd Tuba Yavuz and the anonymous reviewers for their insightful comments.  ... 
dblp:conf/uss/IspoglouAMP20 fatcat:aohpeyduyjhmlbv4occ22y6zay

Be Sensitive and Collaborative: Analyzing Impact of Coverage Metrics in Greybox Fuzzing

Jinghan Wang, Yue Duan, Wei Song, Heng Yin, Chengyu Song
2019 International Symposium on Recent Advances in Intrusion Detection  
Coverage-guided greybox fuzzing has become one of the most common techniques for finding software bugs.  ...  dataset as a previous approach (Driller) that combines fuzzing and concolic execution.  ...  DIFUZE [10] uses a specific interface recovered from statically analyzing kernel driver code to generate correctly-structured input for fuzzing kernel drivers.  ... 
dblp:conf/raid/WangDSYS19 fatcat:qq2327th65b5hcfbdfut6z4zpy

Krace: Data Race Fuzzing for Kernel File Systems

Meng Xu, Sanidhya Kashyap, Hanqing Zhao, Taesoo Kim
2020 IEEE Symposium on Security and Privacy (SP)
and happens-before modeling for kernel synchronization primitives for precise data race detection.  ...  progress in the concurrency dimension; 2) an evolution algorithm for generating, mutating, and merging multithreaded syscall sequences as inputs for concurrency fuzzing; and 3) a comprehensive lockset  ...  For example, MoonShine [25] captures dependencies between syscalls and DIFUZE [26] generates interface-aware inputs.  ... 
doi:10.1109/sp40000.2020.00078 dblp:conf/sp/XuKZK20 fatcat:peuriktijjbn7mzyfxyrgyfyu4

PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications

Taegyu Kim, Vireshwar Kumar, Junghwan Rhee, Jizhou Chen, Kyungtae Kim, Chung Hwan Kim, Dongyan Xu, Dave (Jing) Tian
2021 USENIX Security Symposium  
In this paper, we propose a static analysis tool namely PASAN to detect peripheral access concurrency issues for embedded systems.  ...  PASAN automatically finds the MMIO address range of each peripheral device using the parser-ready memory layout documents, extracts the peripheral's internal state machines using the corresponding device drivers  ...  Acknowledgment We thank the anonymous reviewers for their valuable comments. This work was supported in part by ONR under Grants N00014-20-1-2128 and N00014-17-1-2045.  ... 
dblp:conf/uss/KimKRCKKXT21 fatcat:gu3v5p3fsjc3fd7ajj4jsac6lu

SmartSeed: Smart Seed Generation for Efficient Fuzzing [article]

Chenyang Lyu, Shouling Ji, Yuwei Li, Junfeng Zhou, Jianhai Chen, Jing Chen
2019 arXiv pre-print
As shown in existing literature, the seed file selection is crucial for the efficiency of fuzzing.  ...  Second, it can generate seeds with multiple kinds of input formats and significantly improves the fuzzing performance for most applications with the same input format.  ...  As for kernel vulnerabilities, Corina et al. presented an interface-aware fuzzing tool named DIFUZE to automatically generate inputs for kernel drivers [36].  ... 
arXiv:1807.02606v3 fatcat:o3pjje523bejhhkozcbjrcdrku

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary

Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, Michael Franz
2019 Proceedings of the 2019 Network and Distributed System Security Symposium (unpublished)
The OS kernel is an attractive target for remote attackers.  ...  Ongoing kernel protection efforts have focused primarily on securing this boundary; several capable analysis and fuzzing frameworks have been developed for this purpose.  ...  ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their valuable feedback. The authors also thank Paul Kirth and Joseph Nash for their help with proofreading this paper.  ... 
doi:10.14722/ndss.2019.23176 fatcat:2etqtt3pmrdptn76ylqa2eu3mu

Karonte: Detecting Insecure Multi-binary Interactions in Embedded Firmware

Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
2020 IEEE Symposium on Security and Privacy (SP)
Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon.  ...  ACKNOWLEDGEMENTS We would like to thank our reviewers for their valuable comments and inputs to improve our paper. We also thank Ph.D. Sajjad Arshad and Prof.  ...  DIFUZE [10] uses the interface information extracted using static analysis for fuzzing mobile kernel drivers.  ... 
doi:10.1109/sp40000.2020.00036 dblp:conf/sp/RediniM0SCSKV20 fatcat:5e7tovoefjalndgcdtmrmavmty


Kyriakos K Ispoglou
We propose FuzzGen, a tool for automatically generating fuzzer stubs for libraries. The synthesized fuzzers are target specific, thus resulting in high code coverage.  ...  These phases include the discovery of a vulnerability in the system, its exploitation, and achieving persistence on the compromised system for (potential) further compromise and future access.  ...  DIFUZE [64] was the first approach for interface-aware fuzzing of kernel drivers.  ... 
doi:10.25394/pgs.8041202 fatcat:smkcsjll5bf6xfl47xonzm4yza

Aufzeichnungsbasierte Analyse von Sperren in Betriebssystemen (Recording-Based Analysis of Locks in Operating Systems)

Alexander Lochmann, Technische Universität Dortmund
DIFUZE: Interface aware fuzzing for kernel drivers. In Proceedings of the ACM SIGSAC Conference on Com-  ...  Guancheng Chen and Per Stenstrom.  ...  Improving Linux-kernel tests for lockdoc with feedback-driven fuzzing. In Tagungsband des FGBS Herbsttreffens, Bonn. Gesellschaft für Informatik e.V. doi: . / fgbs h-.  ... 
doi:10.17877/de290r-22500 fatcat:hi7torg76nbldltvgv3rooqzzq