Difuze: Interface aware fuzzing for kernel drivers

Jake Corina, Aravind MacHiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

Device drivers are an essential part of modern Unix-like systems, handling operations on physical devices from hard disks and printers to digital cameras and Bluetooth speakers. The surge of new hardware, particularly on mobile devices, introduces an explosive growth of device drivers in system kernels. Many such drivers are provided by third-party developers; they lack proper vetting and are susceptible to security vulnerabilities. Unfortunately, the complex input data structures of device drivers render traditional analysis tools, such as fuzz testing, less effective, and so far research on kernel driver security is comparatively sparse. In this paper, we present DIFUZE, an interface-aware fuzzing tool that automatically generates valid inputs and triggers the execution of kernel drivers. We leverage static analysis to compose correctly structured input in userspace to explore kernel drivers. DIFUZE is fully automatic, from identifying driver handlers, to mapping them to device file names, to constructing complex argument instances. We evaluate our approach on seven modern Android smartphones. The results show that DIFUZE can effectively identify kernel driver bugs, and it reports 32 previously unknown vulnerabilities, including flaws that lead to arbitrary code execution.

Original language: English (US)
Title of host publication: CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 2123-2138
Number of pages: 16
ISBN (Electronic): 9781450349468
DOIs: 10.1145/3133956.3134069
State: Published - Oct 30 2017
Event: 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States
Duration: Oct 30 2017 → Nov 3 2017

Other

Other: 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
Country: United States
City: Dallas
Period: 10/30/17 → 11/3/17

Fingerprint

  • Hard disk storage
  • Smartphones
  • Bluetooth
  • Digital cameras
  • Static analysis
  • Mobile devices
  • Data structures
  • Hardware
  • Defects
  • Testing
  • Android (operating system)

Keywords

  • Fuzzing
  • Interface aware
  • Kernel drivers

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Corina, J., MacHiry, A., Salls, C., Shoshitaishvili, Y., Hao, S., Kruegel, C., & Vigna, G. (2017). Difuze: Interface aware fuzzing for kernel drivers. In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 2123-2138). Association for Computing Machinery. https://doi.org/10.1145/3133956.3134069

@inproceedings{a6e8fa33eb744d788a0fb6ba5fba4691,
title = "Difuze: Interface aware fuzzing for kernel drivers",
abstract = "Device drivers are an essential part in modern Unix-like systems to handle operations on physical devices, from hard disks and printers to digital cameras and Bluetooth speakers. The surge of new hardware, particularly on mobile devices, introduces an explosive growth of device drivers in system kernels. Many such drivers are provided by third-party developers, which are susceptible to security vulnerabilities and lack proper vetting. Unfortunately, the complex input data structures for device drivers render traditional analysis tools, such as fuzz testing, less effective, and so far, research on kernel driver security is comparatively sparse. In this paper, we present DIFUZE, an interface-aware fuzzing tool to automatically generate valid inputs and trigger the execution of the kernel drivers. We leverage static analysis to compose correctly-structured input in the userspace to explore kernel drivers. DIFUZE is fully automatic, ranging from identifying driver handlers, to mapping to device file names, to constructing complex argument instances. We evaluate our approach on seven modern Android smartphones. The results show that DIFUZE can effectively identify kernel driver bugs, and reports 32 previously unknown vulnerabilities, including flaws that lead to arbitrary code execution.",
keywords = "Fuzzing, Interface aware, Kernel drivers",
author = "Jake Corina and Aravind MacHiry and Christopher Salls and Yan Shoshitaishvili and Shuang Hao and Christopher Kruegel and Giovanni Vigna",
year = "2017",
month = "10",
day = "30",
doi = "10.1145/3133956.3134069",
language = "English (US)",
pages = "2123--2138",
booktitle = "CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery",

}
