HEALER
- 26 October 2021
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
Modern operating system kernels are too complex to be free of bugs. Fuzzing is a promising approach for vulnerability detection and has been applied to kernel testing. However, existing work does not consider the influence relations between system calls when generating and mutating inputs, resulting in difficulties when trying to reach into the kernel's deeper logic effectively. In this paper, we propose HEALER, a kernel fuzzer that improves fuzzing's effectiveness by utilizing system call relation learning. HEALER learns the influence relations between system calls by dynamically analyzing minimized test cases. Then, HEALER utilizes the learned relations to guide input generation and mutation, which improves the quality of test cases and the effectiveness of fuzzing. We implemented HEALER and evaluated its performance on recent versions of the Linux kernel. Compared to state-of-the-art kernel fuzzers such as Syzkaller and Moonshine, HEALER improves branch coverage by 28% and 21%, while achieving a speedup of 2.2x and 1.8x, respectively. In addition, HEALER detected 218 vulnerabilities, 33 of which are previously unknown and have been confirmed by the corresponding kernel maintainers.
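The relation learning the abstract describes, as an added toy example (not HEALER's code): a minimized test case is re-executed with each call removed in turn, and a call that changes the coverage of a later call is recorded as influencing it; the learned table then weights which call to append during generation. The executor is a constructed stand-in for the kernel, and the removal rule and weighting are assumptions made for illustration.

```python
"""Toy system-call relation learning, modelled on the abstract above.
Added example, not HEALER's implementation; run_case() is a constructed
stand-in for executing a test case in a kernel."""
from collections import defaultdict
import random

def run_case(calls):
    """Constructed kernel stand-in: returns, per call, the set of branch ids
    it covered.  Deeper branches are reached only when an earlier call set
    up the state they depend on (an open fd, a dirtied page, ...)."""
    seen, cov = set(), []
    for c in calls:
        branches = {f"{c}:entry"}
        if c in ("write", "read", "close") and "open" in seen:
            branches.add(f"{c}:fd_ok")
        if c == "mmap" and "write" in seen:
            branches.add("mmap:page_dirty")
        seen.add(c)
        cov.append(branches)
    return cov

def new_relation_table():
    """relations[a][b] = how often call a was seen to influence call b."""
    return defaultdict(lambda: defaultdict(int))

def learn_relations(case, relations, execute=run_case):
    """Assumed learning rule: for each i < j in a minimized case, drop call i,
    re-run, and if call j's coverage changes record i -> j as an influence."""
    base = execute(case)
    for i in range(len(case)):
        reduced_cov = execute(case[:i] + case[i + 1:])
        for j in range(i + 1, len(case)):
            if reduced_cov[j - 1] != base[j]:   # index j shifts by one after removal
                relations[case[i]][case[j]] += 1
    return relations

def relation_weights(prev, relations, candidates):
    """Weight for appending each candidate after prev: 1 (uniform floor)
    plus the learned influence count, so known relations are preferred."""
    return [1 + relations[prev][c] for c in candidates]

def generate(relations, candidates, length, rng):
    """Relation-guided generation: each next call is drawn with the weights above."""
    seq = [rng.choice(candidates)]
    while len(seq) < length:
        weights = relation_weights(seq[-1], relations, candidates)
        seq.append(rng.choices(candidates, weights=weights, k=1)[0])
    return seq

if __name__ == "__main__":
    rel = learn_relations(["open", "write", "mmap"], new_relation_table())
    print({a: dict(b) for a, b in rel.items()})
    print(generate(rel, ["open", "write", "read", "close", "mmap"], 5, random.Random(1)))
```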