RPG: Linux Kernel Fuzzing Guided by Distribution-Specific Runtime Parameter Interfaces
This program is tentative and subject to change.
The Linux distribution kernel differs significantly from the mainline kernel, incorporating additional features and vendor-specific extensions. Among these additions, many runtime parameter interfaces are unique to distribution kernels, which expands the attack surface and increases the risk of potential vulnerabilities. Fuzzing has been used to assess Linux distributions, but existing tools cannot systematically test these distribution-specific interfaces because of two main challenges: (1) generating test cases for these runtime parameter interfaces, and (2) concentrating test resources on the distribution-specific interface code. To address these challenges, we propose RPG, a distribution-specific runtime-parameter-guided kernel fuzzer. RPG operates in three phases. First, RPG extracts distribution-specific runtime parameter interfaces. Second, RPG uses an LLM and a database of tuning software to model each parameter's range and generate meaningful interface test cases. Third, RPG uses the distribution kernel's function control-flow graph to guide the fuzzer toward generic test cases that are more closely related to the distribution-specific interface code. We evaluated RPG on four Linux distribution kernels: Ubuntu 22.04, Fedora 42, OpenAnolis 8.8, and OpenAnolis 23.1. RPG detected 22 previously unknown bugs (13 distribution-specific), of which 15 were confirmed and 10 fixed by kernel maintainers. RPG also achieved 20.4% and 21.2% higher branch coverage than Syzkaller and Healer, respectively.
Wed 19 Nov (time zone: Seoul)
Session 16:00 - 17:00

16:00 (10 min talk) The Gold Digger in the Dark Forest: Industrial-Scale MEV Analysis in Ethereum. Industry Showcase. Ningyu He (Hong Kong Polytechnic University), Tianyang Chi (Beijing University of Posts and Telecommunications), Xiaohui Hu (Huazhong University of Science and Technology), Haoyu Wang (Huazhong University of Science and Technology)

16:10 (10 min talk) RPG: Linux Kernel Fuzzing Guided by Distribution-Specific Runtime Parameter Interfaces. Industry Showcase. Yuhan Chen (Central South University), Yuheng Shen (Tsinghua University), Guoyu Yin (Central South University), Fan Ding (Central South University), Runzhe Wang (Alibaba Group), Tao Ma (Alibaba Group), Xiaohai Shi (Alibaba Group), Qiang Fu (Central South University), Ying Fu (Tsinghua University), Heyuan Shi (Central South University)

16:20 (10 min talk) Securing Self-Managed Third-Party Libraries. Industry Showcase. Xin Zhou (Nanjing University), Jinwei Xu (Nanjing University), He Zhang (Nanjing University), Yanjing Yang (Nanjing University), Lanxin Yang (Nanjing University), Bohan Liu (Nanjing University), Hongshan Tang (JD.com, Inc.)

16:30 (10 min talk) STaint: Detecting Second-Order Vulnerabilities in PHP Applications with LLM-Assisted Bi-Directional Static Taint Analysis. NIER Track. Yuchen Ji (ShanghaiTech University), Hongchen Cao (ShanghaiTech University), Jingzhu He (ShanghaiTech University)

16:40 (10 min talk) AdaptiveGuard: Towards Adaptive Runtime Safety for LLM-Powered Software. Industry Showcase. Rui Yang (Monash University and Transurban), Michael Fu (The University of Melbourne), Kla Tantithamthavorn (Monash University and Atlassian), Chetan Arora (Monash University), Gunel Gulmammadova (Transurban), Joey Chua (Transurban)

16:50 (10 min talk) CONFUSETAINT: Exploiting Vulnerabilities to Bypass Dynamic Taint Analysis. NIER Track.