SaTC: CORE: Small: Collaborative: Deep and Efficient Dynamic Analysis of Operating System Kernels

SaTC：核心：小型：协作：操作系统内核的深入有效的动态分析

• 批准号: 1953933
• 负责人: Zhiyun Qian
• 金额: $ 25万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-07-15 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1953933&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Deep

The objective of this project is to improve the security of operating system (OS) kernels through deep analysis and testing. OS kernels are the foundation of computer systems such as personal computers, smartphones, servers, as well as the Internet infrastructure in general. Modern OS kernels are enormously complex and contain a large number of security vulnerabilities that slip through the testing phase onto end devices. Unfortunately, the state-of-the-art testing solution is insufficient as deeper parts of the OS remain hard-to-reach and therefore largely untested. The project aims to solve this precise issue by developing a set of innovative dynamic analysis and testing techniques that will greatly improve the security and quality of OS kernels. The results will benefit the security of virtually all computing devices. The state-of-the-art testing technique for OS kernels is called fuzz testing, which generates random inputs in the hope that they will exercise various parts of the kernel code. It has two unique bottlenecks: (1) space bottlenecks that prevent the fuzzer from reaching desired code blocks and triggering potential vulnerabilities, i.e., dependencies among syscalls, and (2) time bottlenecks that force the fuzzer to stop its execution for some period of time, resulting in wasted fuzz time, i.e., repetitive reboots where the same bugs are triggered repetitively. The project will develop a set of program analysis techniques to improve fuzz testing of OS kernels by making the fuzzer more intelligent in resolving dependencies and by helping it avoid repetitive reboots.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是通过深入分析和测试来提高操作系统（OS）内核的安全性。操作系统内核是个人电脑、智能手机、服务器以及一般互联网基础设施等计算机系统的基础。现代操作系统内核非常复杂，并且包含大量安全漏洞，这些漏洞会通过测试阶段转移到终端设备上。不幸的是，最先进的测试解决方案还不够，因为操作系统的更深部分仍然难以到达，因此很大程度上未经测试。该项目旨在通过开发一套创新的动态分析和测试技术来解决这个精确问题，这些技术将大大提高操作系统内核的安全性和质量。结果将有利于几乎所有计算设备的安全。 最先进的操作系统内核测试技术称为模糊测试，它生成随机输入，希望它们能够测试内核代码的各个部分。它有两个独特的瓶颈：（1）空间瓶颈，阻止模糊器到达所需的代码块并触发潜在的漏洞，即系统调用之间的依赖关系；（2）时间瓶颈，迫使模糊器停止执行一段时间。 ，导致浪费模糊时间，即重复重新启动，重复触发相同的错误。该项目将开发一套程序分析技术，通过使模糊器在解决依赖性方面更加智能并帮助其避免重复重新启动来改进操作系统内核的模糊测试。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准。

项目成果

SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs

SyzScope：揭示模糊器暴露的错误的高风险安全影响

• 发表时间: 2022-01
• 期刊: USENIX Security
• 作者: Zou, Xiaochen;Li, Guoren;Chen, Weiteng;Zhang, Hang;Qian, Zhiyun
• 通讯作者: Qian, Zhiyun

Demystifying the Dependency Challenge in Kernel Fuzzing

揭秘内核模糊测试中的依赖挑战

• DOI: 10.1145/3510003.3510126
• 发表时间: 2022-05
• 期刊: ICSE
• 作者: Hao, Yu;Zhang, Hang;Li, Guoren;Du, Xingyun;Qian, Zhiyun;Amiri Sani, Ardalan
• 通讯作者: Amiri Sani, Ardalan

Undo Workarounds for Kernel Bugs

撤消内核错误的解决方法

• 发表时间: 2021-07
• 期刊: USENIX Security
• 作者: Seyed Talebi, Seyed Mohammadjavad;Yao, Zhihao;Amiri Sani, Ardalan;Qian, Zhiyun;Austin, Daniel
• 通讯作者: Austin, Daniel

SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers

SyzDescribe：原则性、自动化、静态生成内核驱动程序的系统调用描述

• 发表时间: 2023-01
• 期刊: IEEE Security and Privacy
• 影响因子: 1.9
• 作者: Hao; Yu
• 通讯作者: Yu