SaTC: CORE: Small: Collaborative: Deep and Efficient Dynamic Analysis of Operating System Kernels

SaTC：核心：小型：协作：操作系统内核的深入有效的动态分析

• 批准号: 1953932
• 负责人: Ardalan Amiri Sani
• 金额: $ 25万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-07-15 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1953932&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Deep

The objective of this project is to improve the security of operating system (OS) kernels through deep analysis and testing. OS kernels are the foundation of computer systems such as personal computers, smartphones, servers, as well as the Internet infrastructure in general. Modern OS kernels are enormously complex and contain a large number of security vulnerabilities that slip through the testing phase onto end devices. Unfortunately, the state-of-the-art testing solution is insufficient as deeper parts of the OS remain hard-to-reach and therefore largely untested. The project aims to solve this precise issue by developing a set of innovative dynamic analysis and testing techniques that will greatly improve the security and quality of OS kernels. The results will benefit the security of virtually all computing devices. The state-of-the-art testing technique for OS kernels is called fuzz testing, which generates random inputs in the hope that they will exercise various parts of the kernel code. It has two unique bottlenecks: (1) space bottlenecks that prevent the fuzzer from reaching desired code blocks and triggering potential vulnerabilities, i.e., dependencies among syscalls, and (2) time bottlenecks that force the fuzzer to stop its execution for some period of time, resulting in wasted fuzz time, i.e., repetitive reboots where the same bugs are triggered repetitively. The project will develop a set of program analysis techniques to improve fuzz testing of OS kernels by making the fuzzer more intelligent in resolving dependencies and by helping it avoid repetitive reboots.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目的是通过深入分析和测试来提高操作系统（OS）内核的安全性。 OS内核是计算机系统的基础，例如个人计算机，智能手机，服务器以及一般的Internet基础架构。现代OS内核非常复杂，并且包含大量的安全漏洞，这些漏洞通过测试阶段滑到最终设备上。不幸的是，由于操作系统的更深部分仍然难以触及，因此在很大程度上未经测试时，最先进的测试解决方案不足。该项目旨在通过开发一系列创新的动态分析和测试技术来解决这一精确问题，从而大大提高OS内核的安全性和质量。结果将使几乎所有计算设备的安全性受益。 OS内核的最先进的测试技术称为模糊测试，该测试生成随机输入，希望它们能够行使内核代码的各个部分。它具有两个独特的瓶颈：（1）空间瓶颈，可以防止魔力仪达到所需的代码块并触发潜在的漏洞，即Syscalls之间的依赖性，以及（2）迫使fuzzer停止其执行时间的时间瓶颈，导致浪费的绒毛时间，即重复启动相同的错误重复启动。该项目将开发一系列程序分析技术，以通过使模糊器更加聪明地解决依赖关系，并通过帮助其避免重复重新启动来改善OS内核的模糊测试。该奖项反映了NSF的法定任务，并被视为通过使用评估的支持，基金会的智力优点和更广泛的影响审查标准。

项目成果

SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers

SyzDescribe：原则性、自动化、静态生成内核驱动程序的系统调用描述

• DOI: 10.1109/sp46215.2023.10179298
• 发表时间: 2023
• 期刊: IEEE
• 作者: Hao, Yu;Li, Guoren;Zou, Xiaochen;Chen, Weiteng;Zhu, Shitong;Qian, Zhiyun;Sani, Ardalan Amiri
• 通讯作者: Sani, Ardalan Amiri

GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation

• 发表时间: 2023
• 作者: Hui Peng;Zhihao Yao;A. A. Sani-A.;D. Tian;Mathias Payer

Demystifying the Dependency Challenge in Kernel Fuzzing

• DOI: 10.1145/3510003.3510126
• 发表时间: 2022-05
• 期刊: 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE)
• 作者: Yu Hao;Hang Zhang;Guoren Li;Xingyun Du;Zhiyun Qian;A. A. Sani-A.

Undo Workarounds for Kernel Bugs

• 发表时间: 2021
• 作者: S. Talebi;Zhihao Yao;A. A. Sani-A.;Zhiyun Qian;D. Austin

Minimizing a Smartphone's TCB for Security-Critical Programs with Exclusively-Used, Physically-Isolated, Statically-Partitioned Hardware

• DOI: 10.1145/3581791.3596864
• 发表时间: 2023-06
• 期刊: Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services
• 作者: Zhihao Yao;Seyed Mohammadjavad Seyed Talebi-Seyed-Mohammadjavad-Seyed-Talebi-2220160600;M. Chen;Ardalan Amiri Sani;T. Anderson