Razzer - Finding Kernel Race Bugs through Fuzzing
Overview
Explore a cutting-edge approach to identifying kernel race bugs through fuzzing in this 20-minute IEEE conference talk. Delve into the innovative Razzer tool, designed to efficiently detect data races in kernel systems. Learn how static analysis and deterministic thread interleaving techniques are combined to guide fuzz testing towards potential race conditions. Discover the impact of Razzer's implementation on the latest Linux kernel versions, uncovering 30 new races with 16 confirmed and patched by developers. Gain insights into the tool's design, implementation, and evaluation, including a comparison with Syzkaller. Understand the critical importance of addressing kernel race bugs for system reliability and security, including their potential for privilege escalation attacks.
Syllabus
Intro
Kernel Vulnerability
Inefficient Fuzzing for Race Bugs
Our approach: Razzer
Design Overview
Static Analysis: Example
Single-thread Fuzzing
Transformation to Multi-thread Input
Multi-thread Fuzzing
Implementation
Evaluation: Comparison with Syzkaller
Conclusion
Taught by
IEEE Symposium on Security and Privacy