conference paper

ACTOR: Action-Guided Kernel Fuzzing

Fleischer, Marius • Das, Dipanjan • Bose, Priyanka • et al.
January 1, 2023
Proceedings of the 32nd USENIX Security Symposium
32nd USENIX Security Symposium

Fuzzing reliably and efficiently finds bugs in software, including operating system kernels. In general, higher code coverage leads to the discovery of more bugs. This is why most existing kernel fuzzers adopt strategies to generate a series of inputs that attempt to greedily maximize the amount of code that they exercise. However, simply executing code may not be sufficient to reveal bugs that require specific sequences of actions. Synthesizing inputs to trigger such bugs depends on two aspects: (i) the actions the executed code takes, and (ii) the order in which those actions are taken. An action is a high-level operation, such as a heap allocation, that is performed by the executed code and has a specific semantic meaning.

ACTOR, our action-guided kernel fuzzing framework, deviates from traditional methods. Instead of focusing on code coverage optimization, our approach generates fuzzer programs (inputs) that leverage our understanding of triggered actions and their temporal relationships. Specifically, we first capture actions that potentially operate on shared data structures at different times. Then, we synthesize programs using those actions as building blocks, guided by bug templates expressed in our domain-specific language.

We evaluated ACTOR on four different versions of the Linux kernel, including two well-tested and frequently updated long-term (5.4.206, 5.10.131) versions, a stable (5.19), and the latest (6.2-rc5) release. Our evaluation revealed a total of 41 previously unknown bugs, of which 9 have already been fixed. Interestingly, 15 (36.59%) of them were discovered in less than a day.

Type: conference paper
Web of Science ID: WOS:001066451505011
Author(s): Fleischer, Marius • Das, Dipanjan • Bose, Priyanka • Bai, Weiheng • Lu, Kangjie • Payer, Mathias • Kruegel, Christopher • Vigna, Giovanni
Corporate authors: USENIX Association
Date Issued: 2023-01-01
Publisher: Usenix Assoc
Publisher place: Berkeley
Published in: Proceedings of the 32nd USENIX Security Symposium
ISBN of the book: 978-1-939133-37-3
Start page: 5003
End page: 5020
Subjects: Technology
Peer reviewed: REVIEWED
Written at: EPFL
EPFL units: HEXHIVE
Event name: 32nd USENIX Security Symposium
Event place: Anaheim, CA
Event date: AUG 09-11, 2023
Funder: DARPA
Grant Number: N6600120C4031
Available on Infoscience: February 20, 2024
Use this identifier to reference this record: https://infoscience.epfl.ch/handle/20.500.14299/204637