Syzballer: Kernel Fuzzing Based on Basic Block Weight and Multi-armed Bandit

Zhengyang Huang, Xuyan Song, Yifan Luo, Jun Yang, Baojiang Cui
2022 IEEE 8th International Conference on Computer and Communications (ICCC), published 2022-12-09.
DOI: 10.1109/ICCC56324.2022.10065711 (https://doi.org/10.1109/ICCC56324.2022.10065711)
Citations: 0

Abstract

The Linux operating system is now extensively used on personal computers, cloud platforms, and enterprise servers, and the security of the Linux kernel has grown in importance with it. Several techniques, such as symbolic execution, data flow analysis, and reinforcement learning, have been adapted for vulnerability discovery in recent years; among them, fuzzing is the most widely used. However, previous work has not considered how hard each basic block of kernel code is to reach, so vulnerabilities in hard-to-reach code go undetected. To address this, we present Syzballer, a hybrid fuzzer that combines a multi-armed bandit with a basic block weight computed by traversing the control-flow graph generated from the kernel source. First, we compile the kernel source into LLVM bitcode and use the static analysis tool SVF to compute the weight of each basic block. Then we launch the fuzzer and load the weight file. Finally, a multi-armed bandit model dynamically adjusts task and seed selection. To verify the effectiveness of Syzballer, we compared it with two of the most popular kernel fuzzers, Syzkaller and Syzvegas. Experiments show that Syzballer improves on both in code coverage and vulnerability detection.
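The abstract describes a two-stage design: a static pass assigns each basic block a weight reflecting how hard it is to reach, and a multi-armed bandit then steers seed selection toward seeds whose executions earn more weighted coverage. The following Go program is an added illustration of that scheduling loop; it is not Syzballer's or syzkaller's code. The control-flow graph, the seeds, and the rule that each pull of a seed reaches one more block on its path are constructed toy inputs, and the weight formula (branch depth from the entry block plus one) is an assumption standing in for whatever SVF-derived metric the paper uses. The bandit policy is UCB1, rewarding a pull by the summed weight of blocks it covers for the first time.

```go
package main

import (
	"fmt"
	"math"
)

// BlockID names a basic block; CFG maps a block to its successors.
// Constructed toy graph, not an SVF-derived kernel CFG.
type BlockID string
type CFG map[BlockID][]BlockID

// BlockWeights assigns every block reachable from entry a weight.
// Assumption (not the paper's exact formula): weight = branch depth from
// entry + 1, so blocks that need more branches to reach score higher.
func BlockWeights(g CFG, entry BlockID) map[BlockID]float64 {
	depth := map[BlockID]int{entry: 0}
	queue := []BlockID{entry}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		for _, nxt := range g[cur] {
			if _, seen := depth[nxt]; !seen {
				depth[nxt] = depth[cur] + 1
				queue = append(queue, nxt)
			}
		}
	}
	w := make(map[BlockID]float64, len(depth))
	for b, d := range depth {
		w[b] = float64(d + 1)
	}
	return w
}

// Arm is one fuzzing task: a seed whose mutations reach one more block of
// Path on every pull (a deterministic stand-in for kernel execution).
type Arm struct {
	Name   string
	Path   []BlockID
	next   int // index of the next block this seed will reach
	Pulls  int
	Reward float64 // cumulative weighted new-coverage reward
}

// Bandit schedules arms with UCB1. A pull is rewarded by the weight of
// blocks it covers for the first time, so hard-to-reach code pays more.
type Bandit struct {
	Arms    []*Arm
	Weights map[BlockID]float64
	Covered map[BlockID]bool
	total   int
}

// pick returns the arm with the highest UCB1 score; unpulled arms go first.
func (b *Bandit) pick() *Arm {
	for _, a := range b.Arms {
		if a.Pulls == 0 {
			return a
		}
	}
	best, bestScore := b.Arms[0], math.Inf(-1)
	for _, a := range b.Arms {
		mean := a.Reward / float64(a.Pulls)
		bonus := math.Sqrt(2 * math.Log(float64(b.total)) / float64(a.Pulls))
		if mean+bonus > bestScore {
			best, bestScore = a, mean+bonus
		}
	}
	return best
}

// Step pulls one arm, credits weighted new coverage, and returns both.
func (b *Bandit) Step() (*Arm, float64) {
	a := b.pick()
	r := 0.0
	if a.next < len(a.Path) {
		blk := a.Path[a.next]
		a.next++
		if !b.Covered[blk] {
			b.Covered[blk] = true
			r = b.Weights[blk]
		}
	}
	a.Pulls++
	a.Reward += r
	b.total++
	return a, r
}

// CoveredWeight sums the weights of all blocks reached so far.
func (b *Bandit) CoveredWeight() float64 {
	sum := 0.0
	for blk := range b.Covered {
		sum += b.Weights[blk]
	}
	return sum
}

// Demo builds the toy CFG (entry->A->C->D->E, entry->B) and three seeds,
// runs 10 scheduling rounds, and returns the bandit state.
func Demo() *Bandit {
	g := CFG{"entry": {"A", "B"}, "A": {"C"}, "C": {"D"}, "D": {"E"}}
	b := &Bandit{Weights: BlockWeights(g, "entry"), Covered: map[BlockID]bool{}}
	b.Arms = []*Arm{
		{Name: "seed-deep", Path: []BlockID{"entry", "A", "C", "D", "E"}},
		{Name: "seed-B", Path: []BlockID{"entry", "B"}},
		{Name: "seed-A", Path: []BlockID{"entry", "A"}},
	}
	for i := 0; i < 10; i++ {
		b.Step()
	}
	return b
}

func main() {
	b := Demo()
	for _, a := range b.Arms {
		fmt.Printf("%-10s pulls=%d reward=%.0f\n", a.Name, a.Pulls, a.Reward)
	}
	fmt.Printf("covered weight: %.0f of 17\n", b.CoveredWeight())
}
```

After the first round-robin pull, the seed that keeps unlocking deeper (heavier) blocks accumulates the highest mean reward and is pulled eight times out of ten, while the shallow seeds are pulled once each; block B stays uncovered until the UCB1 exploration bonus of the neglected arms outgrows the deep seed's decaying mean. In a real fuzzer the reward would come from coverage feedback after executing a mutated program rather than from a fixed path, and the weight file would be produced by the static pass over the kernel bitcode.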