YoVDO

Razzer - Finding Kernel Race Bugs through Fuzzing

Offered By: IEEE via YouTube

Tags

Fuzzing Courses Software Development Courses System Security Courses Static Analysis Courses Bug Hunting Courses Kernel Vulnerabilities Courses

Course Description

Overview

Explore a cutting-edge approach to identifying kernel race bugs through fuzzing in this 20-minute IEEE conference talk. Delve into the innovative Razzer tool, designed to efficiently detect data races in kernel systems. Learn how static analysis and deterministic thread interleaving techniques are combined to guide fuzz testing towards potential race conditions. Discover the impact of Razzer's implementation on the latest Linux kernel versions, uncovering 30 new races with 16 confirmed and patched by developers. Gain insights into the tool's design, implementation, and evaluation, including a comparison with Syzkaller. Understand the critical importance of addressing kernel race bugs for system reliability and security, including their potential for privilege escalation attacks.

Syllabus

Intro
Kernel Vulnerability
Inefficient Fuzzing for Race Bugs
Our approach: Razzer
Design Overview
Static Analysis: Example
Single-thread Fuzzing
Transformation to Multi-thread Input
Multi-thread Fuzzing
Implementation
Evaluation: Comparison with Syzkaller
Conclusion


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Advanced White Hat Hacking & Penetration Testing Tutorial
Udemy
Practical Buffer Overflows for OSCP
Udemy
Buffer Overflows Made Easy
Cyber Mentor via YouTube
Burp Suite
David Bombal via YouTube
Buffer Overflows Made Easy - 2022 Edition
Cyber Mentor via YouTube