HFL: Hybrid Fuzzing on the Linux Kernel
Hybrid fuzzing, combining symbolic execution and fuzzing, is a promising approach for
vulnerability discovery because each approach can complement the other. However, we …
Detecting Missing-Check bugs via semantic- and context-aware criticalness and constraints inferences
Missing a security check is a class of semantic bugs in software programs where erroneous
execution states are not validated. Missing-check bugs are particularly common in OS …
NTFuzz: Enabling type-aware kernel fuzzing on Windows with static binary analysis
Although it is common practice for kernel fuzzers to leverage type information of system
calls, current Windows kernel fuzzers do not follow the practice as most system calls are …
PeX: A permission check analysis framework for the Linux kernel
Permission checks play an essential role in operating system security by providing access
control to privileged functionalities. However, it is particularly challenging for kernel …
SHARD: Fine-Grained Kernel Specialization with Context-Aware Hardening
With growing hardware complexity and ever-evolving user requirements, the kernel is
increasingly bloated which increases its attack surface. Despite its large size, for specific …
Finding bugs using your own code: detecting functionally-similar yet inconsistent code
Probabilistic classification has shown success in detecting known types of software bugs.
However, the works following this approach tend to require a large amount of specimens to …
Precisely characterizing security impact in a flood of patches via symbolic rule comparison
A bug is a vulnerability if it has security impacts when triggered. Determining the security
impacts of a bug is important to both defenders and attackers. Maintainers of large software …
Static detection of unsafe DMA accesses in device drivers
Direct Memory Access (DMA) is a popular mechanism for improving hardware I/O
performance, and it has been widely used by many existing device drivers. However, DMA …
Segfuzz: Segmentizing thread interleaving to discover kernel concurrency bugs through fuzzing
Discovering kernel concurrency bugs through fuzzing is challenging. Identifying kernel
concurrency bugs, as opposed to non-concurrency bugs, necessitates an analysis of …
Goshawk: Hunting memory corruptions via structure-aware and object-centric memory operation synopsis
Existing tools for the automated detection of memory corruption bugs are not very effective in
practice. They typically recognize only standard memory management (MM) APIs (e.g., …