Semantic Scholar | Open Access | 2019 | 200 citations

Razzer: Finding Kernel Race Bugs through Fuzzing

Dae R. Jeong Kyungtae Kim B. Shivakumar Byoungyoung Lee I. Shin

Abstract

A data race in a kernel is an important class of bugs, critically impacting the reliability and security of the associated system. As a result of a race, the kernel may become unresponsive. Even worse, an attacker may launch a privilege escalation attack to acquire root privileges. In this paper, we propose Razzer, a tool to find race bugs in kernels. The core of Razzer is in guiding fuzz testing towards potential data race spots in the kernel. Razzer employs two techniques to find races efficiently: a static analysis and a deterministic thread interleaving technique. Using a static analysis, Razzer identifies over-approximated potential data race spots, guiding the fuzzer to search for data races in the kernel more efficiently. Using the deterministic thread interleaving technique implemented at the hypervisor, Razzer tames the non-deterministic behavior of the kernel such that it can deterministically trigger a race. We implemented a prototype of Razzer and ran the latest Linux kernel (from v4.16-rc3 to v4.18-rc3) using Razzer. As a result, Razzer discovered 30 new races in the kernel, with 16 subsequently confirmed and accordingly patched by kernel developers after they were reported.

Topics & Keywords

Authors (5)

Dae R. Jeong

Kyungtae Kim

B. Shivakumar

Byoungyoung Lee

I. Shin

Citation Format

Jeong, D.R., Kim, K., Shivakumar, B., Lee, B., Shin, I. (2019). Razzer: Finding Kernel Race Bugs through Fuzzing. https://doi.org/10.1109/SP.2019.00017

Quick Access

View at source: doi.org/10.1109/SP.2019.00017
Journal Information

Publication Year: 2019
Language: en
Total Citations: 200
Database Source: Semantic Scholar
DOI: 10.1109/SP.2019.00017
Access: Open Access ✓