Visible to the public DIFUZE: Interface Aware Fuzzing for Kernel Drivers

TitleDIFUZE: Interface Aware Fuzzing for Kernel Drivers
Publication TypeConference Paper
Year of Publication2017
AuthorsCorina, Jake, Machiry, Aravind, Salls, Christopher, Shoshitaishvili, Yan, Hao, Shuang, Kruegel, Christopher, Vigna, Giovanni
Conference NameProceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4946-8
Keywordscomposability, fuzzing, interface aware, kernel drivers, pubcrawl
Abstract

Device drivers are an essential part in modern Unix-like systems to handle operations on physical devices, from hard disks and printers to digital cameras and Bluetooth speakers. The surge of new hardware, particularly on mobile devices, introduces an explosive growth of device drivers in system kernels. Many such drivers are provided by third-party developers, which are susceptible to security vulnerabilities and lack proper vetting. Unfortunately, the complex input data structures for device drivers render traditional analysis tools, such as fuzz testing, less effective, and so far, research on kernel driver security is comparatively sparse. In this paper, we present DIFUZE, an interface-aware fuzzing tool to automatically generate valid inputs and trigger the execution of the kernel drivers. We leverage static analysis to compose correctly-structured input in the userspace to explore kernel drivers. DIFUZE is fully automatic, ranging from identifying driver handlers, to mapping to device file names, to constructing complex argument instances. We evaluate our approach on seven modern Android smartphones. The results show that DIFUZE can effectively identify kernel driver bugs, and reports 32 previously unknown vulnerabilities, including flaws that lead to arbitrary code execution.

URLhttps://dl.acm.org/citation.cfm?doid=3133956.3134069
DOI10.1145/3133956.3134069
Citation Keycorina_difuze:_2017