SyzLego: Enhancing Kernel Directed Greybox Fuzzing via Dependency Inference and Scheduling

Cited by: 0
Authors
Liao, Chengxiang [1 ]
Wang, Ruipeng [1 ]
Li, Yuwei [1 ]
Chen, Juxing [1 ]
Li, Yang [1 ]
Pan, Zulie [1 ]
Affiliation
[1] Natl Univ Def Technol, Changsha, Peoples R China
Source
INFORMATION SECURITY, PT I, ISC 2024 | 2025 / Vol. 15257
Keywords
Directed greybox fuzzing; Linux kernel fuzzing; Static analysis; OS security;
DOI
10.1007/978-3-031-75757-0_9
Chinese Library Classification (CLC) code
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The security of the kernel is crucial for the operating system (OS) and all user applications. Directed greybox fuzzing (DGF) is an efficient method for testing specific target sites in programs. Unlike conventional user-space application fuzzing, kernel directed fuzzing must generate the correct sequence of syscalls and fill in their arguments appropriately in order to reach the target site. However, current approaches neglect implicit dependencies between syscalls, which makes fuzzing inefficient. In addition, their task scheduling is not suited to DGF in the kernel and slows progress toward the target site. To address these challenges, we present SyzLego, a general DGF solution for the Linux kernel. SyzLego leverages a novel static analysis to enhance syscall dependency inference and adjusts task scheduling for DGF. SyzLego first extracts nested function pointers and applies a type-matching instruction filter to infer implicit dependencies between functions. It then combines these implicit dependencies to enhance syscall dependency inference and adjusts task scheduling to suit DGF. We implement SyzLego and evaluate it against the state-of-the-art SyzDirect on a dataset of known bugs. The results show that SyzLego outperforms SyzDirect, achieving an average speedup of 2.94 and a maximum speedup of 22.46 across all reached target sites.
Pages: 171 / 189
Page count: 19
Related papers
  • [1] SYZDIRECT: Directed Greybox Fuzzing for Linux Kernel. Tan, Xin; Zhang, Yuan; Lu, Jiadong; Xiong, Xin; Liu, Zhuang; Yang, Min. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS 2023), 2023: 1630-1644.
  • [2] SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing. Chen, Weiteng; Hao, Yu; Zhang, Zheng; Zou, Xiaochen; Kirat, Dhilung; Mishra, Shachee; Schales, Douglas; Jang, Jiyong; Qian, Zhiyun. 45th IEEE Symposium on Security and Privacy (SP 2024), 2024: 4661-4677.
  • [3] ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing. Cao, Sicong; He, Biao; Sun, Xiaobing; Ouyang, Yu; Zhang, Chao; Wu, Xiaoxue; Su, Ting; Bo, Lili; Li, Bin; Ma, Chuanlei; Li, Jiajia; Wei, Tao. arXiv, 2023.
  • [4] ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing. Cao, Sicong; He, Biao; Sun, Xiaobing; Ouyang, Yu; Zhang, Chao; Wu, Xiaoxue; Su, Ting; Bo, Lili; Li, Bin; Ma, Chuanlei; Li, Jiajia; Wei, Tao. 2023 IEEE Symposium on Security and Privacy (SP), 2023: 2726-2743.
  • [5] Intelligent Zigbee Protocol Fuzzing via Constraint-Field Dependency Inference. Ren, Mengfei; Zhang, Haotian; Ren, Xiaolei; Ming, Jiang; Lei, Yu. Computer Security - ESORICS 2023, Part II, 2024, 14345: 467-486.
  • [6] Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant Inference. Huang, Heqing; Zhou, Anshunkang; Payer, Mathias; Zhang, Charles. 45th IEEE Symposium on Security and Privacy (SP 2024), 2024: 1956-1973.