Razzer - Finding Kernel Race Bugs through Fuzzing

Offered By: IEEE via YouTube

Tags

Fuzzing Courses, Software Development Courses, System Security Courses, Static Analysis Courses, Bug Hunting Courses, Kernel Vulnerabilities Courses

Course Description

Overview

Explore an approach to finding kernel race bugs through fuzzing in this 20-minute IEEE conference talk. The talk presents Razzer, a tool designed to efficiently detect data races in the kernel. Learn how static analysis and deterministic thread interleaving are combined to guide fuzz testing towards potential race conditions. Applied to the latest Linux kernel versions, Razzer uncovered 30 new races, 16 of which were confirmed and patched by developers. The talk covers the tool's design, implementation, and evaluation, including a comparison with Syzkaller, and explains why addressing kernel race bugs is critical for system reliability and security, including their potential for privilege escalation attacks.

Syllabus

Intro
Kernel Vulnerability
Inefficient Fuzzing for Race Bugs
Our approach: Razzer
Design Overview
Static Analysis: Example
Single-thread Fuzzing
Transformation to Multi-thread Input
Multi-thread Fuzzing
Implementation
Evaluation: Comparison with Syzkaller
Conclusion


Taught by

IEEE Symposium on Security and Privacy

Related Courses

Malware Analysis and Assembly Language Introduction - IBM via edX
Advanced Malware Analysis: Redux - Cybrary
Intro to Malware Analysis and Reverse Engineering - Cybrary
RIP : Rétro-Ingénierie de Programmes - Université de Lille via France Université Numerique
CNIT 126: Practical Malware Analysis - CNIT - City College of San Francisco via Independent