ASE 2024
Sun 27 October - Fri 1 November 2024 Sacramento, California, United States
ASE 2024 (series) / Industry Showcase /

Industry Practice of Directed Kernel Fuzzing for Open-source Linux Distribution

Heyuan Shi, Shijun chen, Runzhe Wang, Yuhan Chen, Weibo Zhang, Qiang Zhang, Yuheng Shen, Xiaohai Shi, Chao Hu, Yu Jiang
ASE 2024 Industry Showcase
Wed 30 Oct 2024 16:00 - 16:15 at Magnoila - Fuzzing 2 Chair(s): Marcel Böhme

Directed grey-box fuzzing is a widely used automatic testing technique that has helped developers test specific code space in the target program. Although many directed fuzzers are designed to test the Linux kernel, deploying directed kernel fuzzing for Linux distribution still remains, due to the complexity of industrial requirements and deployment environments. In this paper, we collaborate with developers from Alibaba and the OpenAnolis community to conduct an industry practice of deploying directed kernel fuzzing on the open-source Linux distribution: OpenAnolis. We highlight several typical challenges and provide corresponding solutions for deploying directed kernel fuzzing, including hard-to-enable target code, abundant irrelevant seeds in the corpus, Lack of system calls for proprietary features, hard-to-coordinate multiple directed fuzzers, automated crash analysis, and the complexity of continuous fuzzing. Our efforts enabled us to discover 11 previously unknown reproducible bugs on the Linux distribution within the OpenAnolis, including vulnerabilities that lead to deadlocks or system crashes.

Heyuan Shi
Heyuan Shi
Central South University
China
small-avatar
Shijun chen
Central South University
small-avatar
Runzhe Wang
Alibaba Group
China
small-avatar
Yuhan Chen
Central South Sniversity
small-avatar
Weibo Zhang
Central South University
small-avatar
Qiang Zhang
Hunan University
small-avatar
Yuheng Shen
Tsinghua University
China
small-avatar
Xiaohai Shi
Alibaba Group
China
small-avatar
Chao Hu
Central South University
China
Yu Jiang
Yu Jiang
Tsinghua University
China

Wed 30 Oct

Displayed time zone: Pacific Time (US & Canada) change

15:30 - 16:30
Fuzzing 2Industry Showcase / NIER Track / Research Papers at Magnoila
Chair(s): Marcel Böhme MPI-SP, Bochum
15:30
15m
Talk
Differential Fuzzing for Data Distribution Service Programs with Dynamic Configuration
Research Papers
Dohyun Ryu The Pennsylvania State University, Giyeol Kim The Pennsylvania State University, Daeun Lee Pusan National University, Seongjin Kim The Pennsylvania State University, Seungjin Bae The Pennsylvania State University, Junghwan Rhee University of Central Oklahoma, Taegyu Kim The Pennsylvania State University
15:45
15m
Talk
Seeding and Mocking in White-Box Fuzzing Enterprise RPC APIs: An Industrial Case Study
Industry Showcase
Man Zhang Beihang University, China, Andrea Arcuri Kristiania University College and Oslo Metropolitan University, Piyun Teng Meituan, kaiming.xue Meituan, Wenhao Wang Meituan
16:00
15m
Talk
Industry Practice of Directed Kernel Fuzzing for Open-source Linux Distribution
Industry Showcase
Heyuan Shi Central South University, Shijun chen Central South University, Runzhe Wang Alibaba Group, Yuhan Chen Central South Sniversity, Weibo Zhang Central South University, Qiang Zhang Hunan University, Yuheng Shen Tsinghua University, Xiaohai Shi Alibaba Group, Chao Hu Central South University, Yu Jiang Tsinghua University
16:15
10m
Talk
Visualizing and Understanding the Internals of Fuzzing
NIER Track
Sriteja Kummita Fraunhofer Institute for Mechatronic Systems Design (Fraunhofer IEM), Zenong Zhang The University of Texas - Dallas, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Shiyi Wei University of Texas at Dallas