HYPERPILL: Fuzzing for Hypervisor Bugs by Leveraging the Hardware Virtualization Interface

Watch a distinguished paper award-winning conference presentation from USENIX Security '24 exploring HYPERPILL, a groundbreaking approach to identifying vulnerabilities in hypervisors through fuzzing techniques. Learn how this innovative method leverages hardware virtualization interfaces to test arbitrary hypervisors, overcoming limitations of previous approaches that required source code access or specific hypervisor implementations. Discover how HYPERPILL outperforms existing solutions by using snapshot fuzzing and emulation-based feedback, successfully identifying 26 new bugs across major platforms like QEMU, Hyper-V, and macOS Virtualization Framework. Understand the technical implementation that enables testing across all major attack surfaces including PIO/MMIO/Hypercalls/DMA, and see how it achieved superior coverage in 10 out of 12 QEMU devices without requiring traditional API hooking or source-code instrumentation.