Model-based Fuzzing for Finding Kernel Vulnerabilities

Abstract

Kernel vulnerabilities are critical in security because they naturally allow attackers to gain unprivileged root access. Existing kernel fuzzing techniques involve feeding in random input values to kernel API functions, but such a simple approach does not reveal latent bugs deep in the kernel code, because many API functions are dependent on each other, and they can quickly reject arbitrary parameter values based on their calling context. In this project, we propose a novel kernel fuzzing algorithm that infers the kernel API model from regular program executions, and uses the information to fuzz OS kernel API functions. The expected outcome is twofold: (1) the design of an API model inference algorithm, and (2) a tool for Windows kernel fuzzing that leverages the developed algorithm.

Document Details

Document Type
DoD Grant Award
Publication Date
Dec 20, 2017
Source ID
N000141812024

Entities

People

  • Sang Kil Cha

Organizations

  • KAIST
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Parallel and Distributed Computing
  • Statistical inference

Technology Areas

  • AI & ML
  • AI & ML - Bayesian Inference
  • AI & ML - Machine Learning Algorithms