Recent advances in program analysis have enabled new platforms capable of automating certain steps of Automated Exploit Generation (AEG) for complex systems such as the Linux kernel [1,2,3]. Such approaches show promise for prioritizing vulnerabilities based on their practical exploitability [4]. The generalizability and the practicality of such approaches remain to be demonstrated.

This project proposes to integrate kernel AEG approaches with the dashboard of the Linux kernel fuzzer syzkaller [5], syzbot [6], to provide developers with augmented information about bug exploitability.

We target the Linux kernel, given its prevalence in cloud services, smartphones, and many embedded components used throughout critical infrastructure.

Objectives

Specifically, the project could entail:

  1. Designing, implementing, and evaluating new analysis passes to assess bug exploitability
  2. Designing, implementing, and evaluating fuzzer extensions to automate part of the exploitation process
  3. Designing and implementing an extension to the syzbot dashboard to visualize exploitability

Requirements

Required skills:

  • Fuzzing, Memory error exploitation, Linux kernel internals, C programming, Debugging

References

[1] Sean Heelan, Tom Melham, and Daniel Kroening. Automatic Heap Layout Manipulation for Exploitation. In Proc. of USENIX Security 2018, 2018.
[2] Wei Wu, Yueqi Chen, Xinyu Xing, and Wei Zou. KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities. In Proc. of USENIX Security 2019, 2019.
[3] Yueqi Chen, Zhenpeng Lin, and Xinyu Xing. A Systematic Study of Elastic Objects in Kernel Exploitation. In Proc. of CCS 2020, 2020.
[4] Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, and Zhiyun Qian. SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux Kernel. In Proc. of USENIX Security 2022, 2022.
[5] syzkaller, https://github.com/google/syzkaller
[6] syzbot, https://syzkaller.appspot.com/upstream