DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing

Yilun Wu; Tong Zhang; Changhee Jung; Dongyoon Lee

doi:10.1109/SP46215.2023.10179293

DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing

Yilun Wu
, Tong Zhang
, Changhee Jung
, Dongyoon Lee

Computer Science

Stony Brook University
Samsung
Purdue University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

15 Scopus citations

Abstract

The security of device drivers is critical for the entire operating system's reliability. Yet, it remains very challenging to validate if a device driver can properly handle potentially malicious input from a hardware device. Unfortunately, existing symbolic execution-based solutions often do not scale, while fuzzing solutions require real devices or manual device models, leaving many device drivers under-tested and insecure.This paper presents DevFuzz, a new model-guided device driver fuzzing framework that does not require a physical device. DevFuzz uses symbolic execution to automatically generate the probe model that can guide a fuzzer to properly initialize a device driver under test. DevFuzz also leverages both static and dynamic program analyses to construct MMIO, PIO, and DMA device models to improve the effectiveness of fuzzing further. DevFuzz successfully tested 191 device drivers of various bus types (PCI, USB, RapidIO, I2C) from different operating systems (Linux, FreeBSD, and Windows) and detected 72 bugs, 41 of which have been patched and merged into the mainstream.

Original language	English
Title of host publication	Proceedings - 44th IEEE Symposium on Security and Privacy, SP 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	3246-3261
Number of pages	16
ISBN (Electronic)	9781665493369
DOIs	https://doi.org/10.1109/SP46215.2023.10179293
State	Published - 2023
Event	44th IEEE Symposium on Security and Privacy, SP 2023 - Hybrid, San Francisco, United States Duration: May 22 2023 → May 25 2023

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2023-May
ISSN (Print)	1081-6011

Conference

Conference	44th IEEE Symposium on Security and Privacy, SP 2023
Country/Territory	United States
City	Hybrid, San Francisco
Period	05/22/23 → 05/25/23

Access to Document

10.1109/SP46215.2023.10179293

Cite this

@inproceedings{525f0e1f7022472994bc0615ed9a18a2,

title = "DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing",

abstract = "The security of device drivers is critical for the entire operating system's reliability. Yet, it remains very challenging to validate if a device driver can properly handle potentially malicious input from a hardware device. Unfortunately, existing symbolic execution-based solutions often do not scale, while fuzzing solutions require real devices or manual device models, leaving many device drivers under-tested and insecure.This paper presents DevFuzz, a new model-guided device driver fuzzing framework that does not require a physical device. DevFuzz uses symbolic execution to automatically generate the probe model that can guide a fuzzer to properly initialize a device driver under test. DevFuzz also leverages both static and dynamic program analyses to construct MMIO, PIO, and DMA device models to improve the effectiveness of fuzzing further. DevFuzz successfully tested 191 device drivers of various bus types (PCI, USB, RapidIO, I2C) from different operating systems (Linux, FreeBSD, and Windows) and detected 72 bugs, 41 of which have been patched and merged into the mainstream.",

author = "Yilun Wu and Tong Zhang and Changhee Jung and Dongyoon Lee",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 44th IEEE Symposium on Security and Privacy, SP 2023 ; Conference date: 22-05-2023 Through 25-05-2023",

year = "2023",

doi = "10.1109/SP46215.2023.10179293",

language = "English",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "3246--3261",

booktitle = "Proceedings - 44th IEEE Symposium on Security and Privacy, SP 2023",

}

Wu, Y, Zhang, T, Jung, C & Lee, D 2023, DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing. in Proceedings - 44th IEEE Symposium on Security and Privacy, SP 2023. Proceedings - IEEE Symposium on Security and Privacy, vol. 2023-May, Institute of Electrical and Electronics Engineers Inc., pp. 3246-3261, 44th IEEE Symposium on Security and Privacy, SP 2023, Hybrid, San Francisco, United States, 05/22/23. https://doi.org/10.1109/SP46215.2023.10179293

DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing. / Wu, Yilun; Zhang, Tong; Jung, Changhee et al.
Proceedings - 44th IEEE Symposium on Security and Privacy, SP 2023. Institute of Electrical and Electronics Engineers Inc., 2023. p. 3246-3261 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2023-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DevFuzz

T2 - 44th IEEE Symposium on Security and Privacy, SP 2023

AU - Wu, Yilun

AU - Zhang, Tong

AU - Jung, Changhee

AU - Lee, Dongyoon

PY - 2023

Y1 - 2023

N2 - The security of device drivers is critical for the entire operating system's reliability. Yet, it remains very challenging to validate if a device driver can properly handle potentially malicious input from a hardware device. Unfortunately, existing symbolic execution-based solutions often do not scale, while fuzzing solutions require real devices or manual device models, leaving many device drivers under-tested and insecure.This paper presents DevFuzz, a new model-guided device driver fuzzing framework that does not require a physical device. DevFuzz uses symbolic execution to automatically generate the probe model that can guide a fuzzer to properly initialize a device driver under test. DevFuzz also leverages both static and dynamic program analyses to construct MMIO, PIO, and DMA device models to improve the effectiveness of fuzzing further. DevFuzz successfully tested 191 device drivers of various bus types (PCI, USB, RapidIO, I2C) from different operating systems (Linux, FreeBSD, and Windows) and detected 72 bugs, 41 of which have been patched and merged into the mainstream.

AB - The security of device drivers is critical for the entire operating system's reliability. Yet, it remains very challenging to validate if a device driver can properly handle potentially malicious input from a hardware device. Unfortunately, existing symbolic execution-based solutions often do not scale, while fuzzing solutions require real devices or manual device models, leaving many device drivers under-tested and insecure.This paper presents DevFuzz, a new model-guided device driver fuzzing framework that does not require a physical device. DevFuzz uses symbolic execution to automatically generate the probe model that can guide a fuzzer to properly initialize a device driver under test. DevFuzz also leverages both static and dynamic program analyses to construct MMIO, PIO, and DMA device models to improve the effectiveness of fuzzing further. DevFuzz successfully tested 191 device drivers of various bus types (PCI, USB, RapidIO, I2C) from different operating systems (Linux, FreeBSD, and Windows) and detected 72 bugs, 41 of which have been patched and merged into the mainstream.

UR - https://www.scopus.com/pages/publications/85166471383

U2 - 10.1109/SP46215.2023.10179293

DO - 10.1109/SP46215.2023.10179293

M3 - Conference contribution

AN - SCOPUS:85166471383

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 3246

EP - 3261

BT - Proceedings - 44th IEEE Symposium on Security and Privacy, SP 2023

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 22 May 2023 through 25 May 2023

ER -

DevFuzz: Automatic Device Model-Guided Device Driver Fuzzing

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this