Litcius/Paper detail

G-Fuzz: A Directed Fuzzing Framework for gVisor

Yuwei Li, Yuan Chen, Shouling Ji, Xuhong Zhang, Guanglu Yan, Alex X. Liu, Chunming Wu, Zulie Pan, Peng Lin

2023IEEE Transactions on Dependable and Secure Computing14 citationsDOIOpen Access PDF

Abstract

gVisor is a Google-published application-level kernel for containers. As gVisor is lightweight and has sound isolation, it has been widely used in many IT enterprises [1],[2],[3]. When a new vulnerability of the upstream gVisor is found, it is important for the downstream developers to test the corresponding code to maintain the security. To achieve this aim, directed fuzzing is promising. Nevertheless, there are many challenges in applying existing directed fuzzing methods for gVisor. The core reason is that existing directed fuzzers are mainly for general C/C++ applications, while gVisor is an OS kernel written in the Go language. To address the above challenges, we propose G-Fuzz, a directed fuzzing framework for gVisor. There are three core methods in G-Fuzz, including lightweight and fine-grained distance calculation, target related syscall inference and utilization, and exploration and exploitation dynamic switch. Note that the methods of G-Fuzz are general and can be transferred to other OS kernels. We conduct extensive experiments to evaluate the performance of G-Fuzz. Compared to Syzkaller, the state-of-the-art kernel fuzzer, G-Fuzz outperforms it significantly. Furthermore, we have rigorously evaluated the importance for each core method of G-Fuzz. G-Fuzz has been deployed in industry and has detected multiple serious vulnerabilities.

Topics & Concepts

Fuzz testingComputer scienceKernel (algebra)Vulnerability (computing)Programming languageComputer securitySoftwareMathematicsCombinatoricsSecurity and Verification in ComputingSoftware Testing and Debugging TechniquesAdvanced Malware Detection Techniques
G-Fuzz: A Directed Fuzzing Framework for gVisor | Litcius