Model-Based Fuzzing for Finding Kernel Vulnerabilities

Abstract

Kernel vulnerabilities are significant threats to computer security, as attackers use them to obtain unauthorized root privilege and bypass security mitigations. In this project, we extend IMF, a state-of-the-art kernel fuzzing technique for macOS, to find vulnerabilities in the Windows kernel. Unlike other OSes, Windows has numerous undocumented system calls, which make it difficult to generate a valid sequence of system calls for fuzzing. We propose a novel way to analyze Windows kernel binaries in order to infer the API specifications of undocumented system calls. We then use the inferred API specifications to generate a C program that automatically fuzzes the Windows kernel by calling a randomly generated sequence of system calls.

Document Details

Document Type
Technical Report
Publication Date
Feb 23, 2020
Accession Number
AD1095728

Entities

People

  • Sang K. Cha

Organizations

  • KAIST

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Analyzers
  • Applied Computer Science
  • Computer Programs
  • Computer Science
  • Computers
  • Computing Devices
  • Corporations
  • Cybersecurity
  • Debugging
  • Information Operations
  • Instructions
  • Kernels (Operating System)
  • Laptop Computers
  • Models
  • Operating Systems
  • Prototypes
  • Security
  • Sequences
  • Specifications
  • Targets
  • Vulnerability
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications

Technology Areas

  • AI & ML
  • Cyber