YoVDO

Razzer - Finding Kernel Race Bugs through Fuzzing

Offered By: IEEE via YouTube

Tags

Fuzzing Courses Software Development Courses System Security Courses Static Analysis Courses Bug Hunting Courses Kernel Vulnerabilities Courses

Course Description

Overview

Explore a cutting-edge approach to identifying kernel race bugs through fuzzing in this 20-minute IEEE conference talk. Delve into the innovative Razzer tool, designed to efficiently detect data races in kernel systems. Learn how static analysis and deterministic thread interleaving techniques are combined to guide fuzz testing towards potential race conditions. Discover the impact of Razzer's implementation on the latest Linux kernel versions, uncovering 30 new races with 16 confirmed and patched by developers. Gain insights into the tool's design, implementation, and evaluation, including a comparison with Syzkaller. Understand the critical importance of addressing kernel race bugs for system reliability and security, including their potential for privilege escalation attacks.

Syllabus

Intro
Kernel Vulnerability
Inefficient Fuzzing for Race Bugs
Our approach: Razzer
Design Overview
Static Analysis: Example
Single-thread Fuzzing
Transformation to Multi-thread Input
Multi-thread Fuzzing
Implementation
Evaluation: Comparison with Syzkaller
Conclusion


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Software as a Service
University of California, Berkeley via Coursera Software Testing
University of Utah via Udacity The Hardware/Software Interface
University of Washington via Coursera Software Debugging
Saarland University via Udacity Introduction to Systematic Program Design - Part 1
The University of British Columbia via Coursera