
Research And Application Of Fuzzing Technology For Linux Kernel Based On Seed Intelligence Optimization

Posted on: 2024-04-15
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Wang
Full Text: PDF
GTID: 2568307127953739
Subject: Software engineering
Abstract/Summary:
With the steady hardening of operating systems and the maturing of security protection software, it has become increasingly difficult for attackers to exploit user-mode vulnerabilities. Kernel vulnerabilities have therefore become the focus of attackers. Exploiting a kernel vulnerability poses a serious threat to system security and can completely defeat the protection measures in place, so vulnerability discovery in the kernel has become a research hotspot. Fuzzing, an efficient vulnerability discovery method, is widely applied to operating system kernels; it effectively reduces their security risk and has achieved good results. However, the blindness of current kernel-oriented fuzzing in seed generation and seed execution limits code coverage, which leads to inefficient vulnerability discovery. To address this problem, this thesis presents a seed optimization model based on neural networks and a seed optimization model based on dependency analysis, covering the two aspects of seed generation and seed execution. Building on these methods, the application of fuzzing to typical kernel modules is studied. The main research contents are as follows:

1) To address blindness in seed generation, a seed optimization model based on neural networks, SyzSeed, is presented. First, the workflow of the model is designed from three aspects: seed generation, interaction with the fuzzer, and information feedback. In the seed generation strategy, new seed files are generated by a neural network, and seed files are serialized and deserialized according to a grammar template. In the fuzzer interaction strategy, seed files are classified by their value and processed with different strategies in different types of queues, and the whole system runs efficiently through collaboration between the seed queues. In the information feedback strategy, code coverage is collected through KCOV during fuzzing, and memory vulnerabilities in the system are discovered through tools such as KASAN. Experiments show that SyzSeed improves the seed execution success rate by 16% and code coverage by 4.65% compared with Syzkaller.

2) Building on 1), a seed optimization model based on dependency analysis, SyzMix, is proposed to address blindness in seed execution. First, the workflow of the model is designed from the aspects of explicit system call dependencies, implicit system call dependencies, and the system call dependency table. For explicit dependencies, the dependencies among the system calls in a seed file are analyzed according to specific grammar rules and obtained through static analysis; they allow better combinations of system calls to be selected before fuzzing starts. For implicit dependencies, the dependencies are obtained through dynamic analysis and effectively guide the execution of fuzzing. The two are combined into a system call dependency table that is continuously updated during fuzzing to achieve higher code coverage. Combined with different seed mutation strategies, more diverse seed types can be obtained at run time. Experiments show that SyzMix improves code coverage by 7.87% compared with Syzkaller.

3) On the basis of 1) and 2), the kernel fuzzing architecture SyzDriver, based on intelligent seed optimization, is designed. For typical kernel modules such as the network device module and the USB module, the specific problems encountered in practice are analyzed and corresponding customized designs are proposed to improve fuzzing capability for these modules. Experiments show that code coverage of the network protocol module and the USB module is increased by 9.10% and 7.37% respectively, compared with Syzkaller, verifying the applicability and validity of SyzDriver in typical modules.
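As an added illustration of the dependency analysis summarized in 2), and not code from the thesis, from Syzkaller or from the author, the following Python sketch recovers explicit system call dependencies from seed programs by static analysis, seeds a dependency table from them, and then raises table weights from run-time coverage feedback, which stands in for the implicit dependencies learned dynamically. It assumes a simplified syzkaller-style program syntax (`rN = call$variant(args)` binds a resource; an `rN` token in an argument list consumes it); the seed programs, the coverage observations and the weighting scale are constructed for the example.

```python
"""Explicit system-call dependency analysis and a dependency table.

Added illustration of the idea described in the abstract (static analysis of
explicit dependencies, a table updated from run-time feedback); it is not code
from the thesis or from Syzkaller. Assumptions: seed programs use a simplified
syzkaller-style syntax, one call per line, `rN = name$variant(args)` binds a
resource, and `rN` tokens in the argument list consume it. All seed programs
and run-time observations below are constructed sample data.
"""
import re
from collections import defaultdict

# One call per line: optional "rN =" binding, call name with optional $variant, args.
CALL_RE = re.compile(r"^(?:(r\d+)\s*=\s*)?([A-Za-z_][\w$]*)\((.*)\)$")
RES_RE = re.compile(r"\br\d+\b")

# Constructed seed programs in the assumed syntax (not real Syzkaller seeds).
SEEDS = [
    "r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)\n"
    "ioctl$TCGETS(r0, 0x5401, &(0x7f0000000100))\n"
    "write(r0, &(0x7f0000000200), 0x10)\n"
    "close(r0)",
    "r0 = socket$inet_udp(0x2, 0x2, 0x0)\n"
    "r1 = dup(r0)\n"
    "sendto$inet(r1, &(0x7f0000000000), 0x8, 0x0, &(0x7f0000000040), 0x10)\n"
    "close(r1)",
]

# Constructed run-time feedback standing in for implicit dependencies: a
# (producer, consumer) pair executed together and the new coverage it uncovered.
TRACE = [("socket", "sendto", 20), ("openat", "ioctl", 5)]


def parse_program(text):
    """Return a list of (result var or None, base syscall name, [resource refs])."""
    calls = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = CALL_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        result, name, args = m.groups()
        calls.append((result, name.split("$", 1)[0], RES_RE.findall(args)))
    return calls


def explicit_deps(program):
    """Static analysis: (producer, consumer) pairs where the consumer uses a
    resource that an earlier call in the same program produced."""
    producer_of = {}  # resource var -> syscall that bound it
    deps = set()
    for result, name, refs in parse_program(program):
        for ref in refs:
            if ref in producer_of:
                deps.add((producer_of[ref], name))
        if result:
            producer_of[result] = name
    return deps


def build_table(programs):
    """Dependency table: (producer, consumer) -> weight, seeded from static analysis."""
    table = defaultdict(float)
    for program in programs:
        for dep in explicit_deps(program):
            table[dep] += 1.0
    return table


def update_from_trace(table, trace, scale=0.05):
    """Raise the weight of pairs that produced new coverage at run time
    (constructed stand-in for the dynamically learned implicit dependencies)."""
    for producer, consumer, new_blocks in trace:
        table[(producer, consumer)] += new_blocks * scale
    return table


def rank_consumers(table, producer):
    """Consumers of `producer` by descending weight: a guide for choosing the
    next call when composing or mutating a seed."""
    rows = [(c, w) for (p, c), w in table.items() if p == producer]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    table = update_from_trace(build_table(SEEDS), TRACE)
    for producer in ("openat", "socket", "dup"):
        print(producer, "->", rank_consumers(table, producer))
```

Note how the second seed links `socket` to `sendto` only through `dup`: static analysis alone never records the pair, and it enters the table only once run-time feedback shows the two calls producing new coverage together, which is the gap between explicit and implicit dependencies that the combined table is meant to close.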
Keywords/Search Tags: kernel, vulnerability discovery, fuzzing, code coverage, gray-box testing