Syzballer:基于基本块权和多臂强盗的核模糊

Zhengyang Huang, Xuyan Song, Yifan Luo, Jun Yang, Baojiang Cui
{"title":"Syzballer:基于基本块权和多臂强盗的核模糊","authors":"Zhengyang Huang, Xuyan Song, Yifan Luo, Jun Yang, Baojiang Cui","doi":"10.1109/ICCC56324.2022.10065711","DOIUrl":null,"url":null,"abstract":"The Linux operating system is now extensively used on personal computers, cloud platforms, and enterprise servers. The security of the Linux kernel has also increased in importance. Several techniques, such as symbolic execution, data flow analysis, and reinforcement learning, have been adapted for vulnerability discovery in recent years. Among these techniques, fuzzing is the most widely used one. However, the ease of accessing each kernel code basic block has not been considered in previous research. This means many high-risk vulnerabilities cannot be detected. To solve this problem, we present Syzballer, a hybrid fuzzer that combines multi-armed bandits with basic block weight, which is calculated by traversing the control flow graph generated by the kernel source code. First, we compile the kernel source code into LLVM bitcode and use the static analysis tool SVF to compute the weight of each basic block. Then we launched the fuzzer and loaded the weight file. Finally, a multi-armed bandit machine model is used to dynamically alter the task and seed selection. To verify the effectiveness of Syzballer, we compared it with the two most popular kernel fuzzers, Syzkaller and Syzvegas. Experiments have demonstrated that our Syzballer has improved in terms of code coverage and vulnerability detection.","PeriodicalId":263098,"journal":{"name":"2022 IEEE 8th International Conference on Computer and Communications (ICCC)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Syzballer: Kernel Fuzzing Based on Basic Block Weight and Multi-armed Bandit\",\"authors\":\"Zhengyang Huang, Xuyan Song, Yifan Luo, Jun Yang, Baojiang Cui\",\"doi\":\"10.1109/ICCC56324.2022.10065711\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Linux operating system is now extensively used on personal computers, cloud platforms, and enterprise servers. The security of the Linux kernel has also increased in importance. Several techniques, such as symbolic execution, data flow analysis, and reinforcement learning, have been adapted for vulnerability discovery in recent years. Among these techniques, fuzzing is the most widely used one. However, the ease of accessing each kernel code basic block has not been considered in previous research. This means many high-risk vulnerabilities cannot be detected. To solve this problem, we present Syzballer, a hybrid fuzzer that combines multi-armed bandits with basic block weight, which is calculated by traversing the control flow graph generated by the kernel source code. First, we compile the kernel source code into LLVM bitcode and use the static analysis tool SVF to compute the weight of each basic block. Then we launched the fuzzer and loaded the weight file. Finally, a multi-armed bandit machine model is used to dynamically alter the task and seed selection. To verify the effectiveness of Syzballer, we compared it with the two most popular kernel fuzzers, Syzkaller and Syzvegas. Experiments have demonstrated that our Syzballer has improved in terms of code coverage and vulnerability detection.\",\"PeriodicalId\":263098,\"journal\":{\"name\":\"2022 IEEE 8th International Conference on Computer and Communications (ICCC)\",\"volume\":\"17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE 8th International Conference on Computer and Communications (ICCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCC56324.2022.10065711\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 8th International Conference on Computer and Communications (ICCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCC56324.2022.10065711","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

Linux操作系统目前广泛应用于个人计算机、云平台和企业服务器。Linux内核的安全性也变得越来越重要。近年来,符号执行、数据流分析和强化学习等技术已被用于漏洞发现。在这些技术中,模糊测试是应用最广泛的一种。然而,在以往的研究中,并没有考虑到每个内核代码基本块的访问难易程度。这意味着无法检测到许多高风险漏洞。为了解决这个问题,我们提出了Syzballer,这是一个混合模糊器,它结合了多臂匪和基本块权重,通过遍历内核源代码生成的控制流图来计算。首先,我们将内核源代码编译成LLVM位码,并使用静态分析工具SVF计算每个基本块的权重。然后我们启动了fuzzer并加载了权重文件。最后,利用多臂强盗机模型对任务和种子选择进行动态调整。为了验证Syzballer的有效性,我们将它与两种最流行的内核模糊器Syzkaller和Syzvegas进行了比较。实验表明,我们的Syzballer在代码覆盖和漏洞检测方面有了改进。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Syzballer: Kernel Fuzzing Based on Basic Block Weight and Multi-armed Bandit
The Linux operating system is now extensively used on personal computers, cloud platforms, and enterprise servers. The security of the Linux kernel has also increased in importance. Several techniques, such as symbolic execution, data flow analysis, and reinforcement learning, have been adapted for vulnerability discovery in recent years. Among these techniques, fuzzing is the most widely used one. However, the ease of accessing each kernel code basic block has not been considered in previous research. This means many high-risk vulnerabilities cannot be detected. To solve this problem, we present Syzballer, a hybrid fuzzer that combines multi-armed bandits with basic block weight, which is calculated by traversing the control flow graph generated by the kernel source code. First, we compile the kernel source code into LLVM bitcode and use the static analysis tool SVF to compute the weight of each basic block. Then we launched the fuzzer and loaded the weight file. Finally, a multi-armed bandit machine model is used to dynamically alter the task and seed selection. To verify the effectiveness of Syzballer, we compared it with the two most popular kernel fuzzers, Syzkaller and Syzvegas. Experiments have demonstrated that our Syzballer has improved in terms of code coverage and vulnerability detection.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Backward Edge Pointer Protection Technology Based on Dynamic Instrumentation Experimental Design of Router Debugging based Neighbor Cache States Change of IPv6 Nodes Sharing Big Data Storage for Air Traffic Management Study of Non-Orthogonal Multiple Access Technology for Satellite Communications A Joint Design of Polar Codes and Physical-layer Network Coding in Visible Light Communication System
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1