Proceedings 2020 Network and Distributed System Security Symposium 2020
DOI: 10.14722/ndss.2020.24018

HFL: Hybrid Fuzzing on the Linux Kernel

Abstract: Hybrid fuzzing, combining symbolic execution and fuzzing, is a promising approach for vulnerability discovery because each approach can complement the other. However, we observe that applying hybrid fuzzing to kernel testing is challenging because the following unique characteristics of the kernel make a naive adoption of hybrid fuzzing inefficient: 1) having indirect control transfers determined by system call arguments, 2) controlling and matching internal system state via system calls, and 3) inferring nest…

Cited by 66 publications (26 citation statements)

References 26 publications
“…Therefore, a significant problem is determining how to produce sufficient test-inputs. As mentioned in Section IV, there are two approaches in the test-input generation for fuzzers: a mutation-based approach which produces test-inputs according to the random mutation of the test-input files, or the use of predefined L Intriguer [140] L [141] AutoDES [142] L SHFuzz [143] L HFL [144] L FIoT [145] L BugMiner [146] L…”
Section: B Test-input Generation
confidence: 99%
“…al. [118] FAS [126] SymFuzz [130] Taintscope [44] HFL [144] Badger [122] HyDiff [123] Pak et al. [39] Eclipser [137] Saad et.…”
Section: Hfs In Various Areas
confidence: 99%
“…In contrast to non-oriented fuzzing, coverage-oriented fuzzing [9][10][11][12][13] can use lightweight instrumentation to obtain the runtime information of the program to effectively guide the fuzzing process to pursue high coverage in control flow graph (CFG). For example, by selecting the sample with a new edge as the seed sample for the next round of mutations, the execution of the sample will have a greater possibility of obtaining high coverage [9][10][11]; coverage-oriented fuzzing can also use heavyweight instrumentation to perform dynamic symbol execution [14][15][16][17][18][19][20][21]. This approach transforms external data into symbols to participate in the execution, collects the symbol expressions at each program node, and generates samples that try to execute the full path by solving the expressions.…”
Section: Introduction
confidence: 99%
“…Coverage-oriented fuzzing [9][10][11][12][13][14][15][16][17][18][19][20][21][23][24][25][26][27][28] increases the probability of triggering vulnerabilities by executing code blocks or paths as much as possible. However, it causes a large quantity of computational resources to be allocated to code that does not have vulnerabilities.…”
Section: Introduction
confidence: 99%