Kernelspace Fault Injection with KRF - Discovering Vulnerabilities Through System Call Errors

Explore kernelspace fault injection with KRF in this 26-minute conference talk by William Woodruff from Trail of Bits. Discover how inducing random errors in system calls can uncover dangerous assumptions and potential vulnerabilities in software. Learn about different fault types, handling strategies, and exploit primitives. Examine the concept of default fault injection, dynamic linkage, and instrumentation. Delve into targeting strategies and understand how KRF functions as a rootkit. Evaluate the effectiveness of this approach through syscall analysis, RNG implementation, and faulting coverage. Gain insights into a vulnerability-first approach to software testing that complements traditional distributed service resilience testing methods used by major tech companies.

Introduction
Outline
What is a fault
Handling faults
Faults cant be handled
Exploit primitives
Faults are rare
Default Fault Injection
Dynamic Linkage
Dynamic Instrumentation
introspection
can we do better
targeting
targeting strategies
KRF is a rootkit
Care commands
Does it work
syscalls
RNG
Is it correct
Faulting coverage