Poster: Evaluating code coverage for system call fuzzers

Seoyoung Kim; Seyeon Jeong; Mingi Cho; Soochang Chung; Taekyoung Kwon

doi:10.1145/3319535.3363288

Poster: Evaluating code coverage for system call fuzzers

Seoyoung Kim, Seyeon Jeong, Mingi Cho, Soochang Chung, Taekyoung Kwon

Graduate School of Information

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The OS kernel, which has entire system privileges, is an attractive target of attackers. To reduce this threat, we need to find security bugs in the kernel prior to the attackers, and system call fuzzing is a widely used technique for this purpose. However, many system call fuzzers have not been evaluated for coverage performance which is an important indicator in fuzzing. In this poster, we propose a methodology to evaluate the code coverage performance of system call fuzzers with a strategy that combines virtualization and Intel Processor Trace (PT). First, we extract all the functions in the kernel that can be executed by system calls. Then we perform fuzzing with the target system call fuzzer on the guest OS, and record coverage information by leveraging the Intel PT. Finally, we evaluate system call fuzzers by comparing the list of functions related to system calls with the executed functions logged by Intel PT while fuzzing.

Original language	English
Title of host publication	CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	2689-2691
Number of pages	3
ISBN (Electronic)	9781450367479
DOIs	https://doi.org/10.1145/3319535.3363288
Publication status	Published - 2019 Nov 6
Event	26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019 - London, United Kingdom Duration: 2019 Nov 11 → 2019 Nov 15

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019
Country/Territory	United Kingdom
City	London
Period	19/11/11 → 19/11/15

Bibliographical note

Funding Information:
This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD190016ED).

Publisher Copyright:
© 2019 Association for Computing Machinery.

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

Access to Document

10.1145/3319535.3363288

Cite this

Kim, S., Jeong, S., Cho, M., Chung, S., & Kwon, T. (2019). Poster: Evaluating code coverage for system call fuzzers. In CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 2689-2691). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3319535.3363288

@inproceedings{7faf06cc7fc1400f9d212d85a823838a,

title = "Poster: Evaluating code coverage for system call fuzzers",

abstract = "The OS kernel, which has entire system privileges, is an attractive target of attackers. To reduce this threat, we need to find security bugs in the kernel prior to the attackers, and system call fuzzing is a widely used technique for this purpose. However, many system call fuzzers have not been evaluated for coverage performance which is an important indicator in fuzzing. In this poster, we propose a methodology to evaluate the code coverage performance of system call fuzzers with a strategy that combines virtualization and Intel Processor Trace (PT). First, we extract all the functions in the kernel that can be executed by system calls. Then we perform fuzzing with the target system call fuzzer on the guest OS, and record coverage information by leveraging the Intel PT. Finally, we evaluate system call fuzzers by comparing the list of functions related to system calls with the executed functions logged by Intel PT while fuzzing.",

author = "Seoyoung Kim and Seyeon Jeong and Mingi Cho and Soochang Chung and Taekyoung Kwon",

note = "Funding Information: This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD190016ED). Publisher Copyright: {\textcopyright} 2019 Association for Computing Machinery.; 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019 ; Conference date: 11-11-2019 Through 15-11-2019",

year = "2019",

month = nov,

day = "6",

doi = "10.1145/3319535.3363288",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "2689--2691",

booktitle = "CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security",

}

Kim, S, Jeong, S, Cho, M, Chung, S & Kwon, T 2019, Poster: Evaluating code coverage for system call fuzzers. in CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 2689-2691, 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, United Kingdom, 19/11/11. https://doi.org/10.1145/3319535.3363288

Poster: Evaluating code coverage for system call fuzzers. / Kim, Seoyoung; Jeong, Seyeon; Cho, Mingi et al.
CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2019. p. 2689-2691 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Poster

T2 - 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019

AU - Kim, Seoyoung

AU - Jeong, Seyeon

AU - Cho, Mingi

AU - Chung, Soochang

AU - Kwon, Taekyoung

N1 - Funding Information: This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD190016ED). Publisher Copyright: © 2019 Association for Computing Machinery.

PY - 2019/11/6

Y1 - 2019/11/6

N2 - The OS kernel, which has entire system privileges, is an attractive target of attackers. To reduce this threat, we need to find security bugs in the kernel prior to the attackers, and system call fuzzing is a widely used technique for this purpose. However, many system call fuzzers have not been evaluated for coverage performance which is an important indicator in fuzzing. In this poster, we propose a methodology to evaluate the code coverage performance of system call fuzzers with a strategy that combines virtualization and Intel Processor Trace (PT). First, we extract all the functions in the kernel that can be executed by system calls. Then we perform fuzzing with the target system call fuzzer on the guest OS, and record coverage information by leveraging the Intel PT. Finally, we evaluate system call fuzzers by comparing the list of functions related to system calls with the executed functions logged by Intel PT while fuzzing.

AB - The OS kernel, which has entire system privileges, is an attractive target of attackers. To reduce this threat, we need to find security bugs in the kernel prior to the attackers, and system call fuzzing is a widely used technique for this purpose. However, many system call fuzzers have not been evaluated for coverage performance which is an important indicator in fuzzing. In this poster, we propose a methodology to evaluate the code coverage performance of system call fuzzers with a strategy that combines virtualization and Intel Processor Trace (PT). First, we extract all the functions in the kernel that can be executed by system calls. Then we perform fuzzing with the target system call fuzzer on the guest OS, and record coverage information by leveraging the Intel PT. Finally, we evaluate system call fuzzers by comparing the list of functions related to system calls with the executed functions logged by Intel PT while fuzzing.

UR - http://www.scopus.com/inward/record.url?scp=85075918488&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85075918488&partnerID=8YFLogxK

U2 - 10.1145/3319535.3363288

DO - 10.1145/3319535.3363288

M3 - Conference contribution

AN - SCOPUS:85075918488

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2689

EP - 2691

BT - CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

Y2 - 11 November 2019 through 15 November 2019

ER -

Poster: Evaluating code coverage for system call fuzzers

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this