SaTC: CORE: Small: Collaborative: Deep and Efficient Dynamic Analysis of Operating System Kernels

SaTC：核心：小型：协作：操作系统内核的深入有效的动态分析

• 批准号: 1953933
• 负责人: Zhiyun Qian
• 金额: $ 25万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-07-15 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1953933&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Deep

The objective of this project is to improve the security of operating system (OS) kernels through deep analysis and testing. OS kernels are the foundation of computer systems such as personal computers, smartphones, servers, as well as the Internet infrastructure in general. Modern OS kernels are enormously complex and contain a large number of security vulnerabilities that slip through the testing phase onto end devices. Unfortunately, the state-of-the-art testing solution is insufficient as deeper parts of the OS remain hard-to-reach and therefore largely untested. The project aims to solve this precise issue by developing a set of innovative dynamic analysis and testing techniques that will greatly improve the security and quality of OS kernels. The results will benefit the security of virtually all computing devices. The state-of-the-art testing technique for OS kernels is called fuzz testing, which generates random inputs in the hope that they will exercise various parts of the kernel code. It has two unique bottlenecks: (1) space bottlenecks that prevent the fuzzer from reaching desired code blocks and triggering potential vulnerabilities, i.e., dependencies among syscalls, and (2) time bottlenecks that force the fuzzer to stop its execution for some period of time, resulting in wasted fuzz time, i.e., repetitive reboots where the same bugs are triggered repetitively. The project will develop a set of program analysis techniques to improve fuzz testing of OS kernels by making the fuzzer more intelligent in resolving dependencies and by helping it avoid repetitive reboots.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是通过深入的分析和测试来提高操作系统（OS）内核的安全性。操作系统内核是计算机系统的基础，如个人电脑、智能手机、服务器以及一般的互联网基础设施。现代操作系统内核非常复杂，并且包含大量的安全漏洞，这些漏洞会在测试阶段溜到终端设备上。不幸的是，最先进的测试解决方案是不够的，因为操作系统的深层部分仍然难以触及，因此大部分未经过测试。该项目旨在通过开发一套创新的动态分析和测试技术来解决这个问题，这些技术将大大提高操作系统内核的安全性和质量。其结果将有利于几乎所有计算设备的安全性。最先进的操作系统内核测试技术称为模糊测试，它生成随机输入，希望它们能够测试内核代码的各个部分。它有两个独特的瓶颈：(1)空间瓶颈，防止fuzzer到达所需的代码块并触发潜在的漏洞，即系统调用之间的依赖关系；(2)时间瓶颈，迫使fuzzer停止执行一段时间，导致浪费的模糊时间，即，重复重新启动，其中重复触发相同的错误。该项目将开发一套程序分析技术，通过使模糊器在解决依赖关系方面更加智能，并帮助它避免重复重启，从而改进操作系统内核的模糊测试。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers

SyzDescribe：原则性、自动化、静态生成内核驱动程序的系统调用描述

• DOI: 10.1109/sp46215.2023.10179298
• 发表时间: 2023
• 期刊: IEEE
• 作者: Hao, Yu;Li, Guoren;Zou, Xiaochen;Chen, Weiteng;Zhu, Shitong;Qian, Zhiyun;Sani, Ardalan Amiri
• 通讯作者: Sani, Ardalan Amiri

Demystifying the Dependency Challenge in Kernel Fuzzing

• DOI: 10.1145/3510003.3510126
• 发表时间: 2022-05
• 期刊: 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE)
• 作者: Yu Hao;Hang Zhang;Guoren Li;Xingyun Du;Zhiyun Qian;A. A. Sani-A.

Undo Workarounds for Kernel Bugs

• 发表时间: 2021
• 作者: S. Talebi;Zhihao Yao;A. A. Sani-A.;Zhiyun Qian;D. Austin

SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs

SyzScope：揭示模糊器暴露的错误的高风险安全影响

• 发表时间: 2022
• 期刊: USENIX Security
• 作者: Zou, Xiaochen;Li, Guoren;Chen, Weiteng;Zhang, Hang;Qian, Zhiyun
• 通讯作者: Qian, Zhiyun