网络与信息安全学报 (Feb 2024)
Survey of evolutionary kernel fuzzing
Abstract
Fuzzing is a technique that was used to detect potential vulnerabilities and errors in software or systems by generating random, abnormal, or invalid test cases.When applying fuzzing to the kernel, more complex and challenging obstacles were encountered compared to user-space applications.The kernel, being a highly intricate software system, consists of numerous interconnected modules, subsystems, and device drivers, which presented challenges such as a massive codebase, complex interfaces, and runtime uncertainty.Traditional fuzzing methods could only generate inputs that simply satisfied interface specifications and explicit call dependencies, making it difficult to thoroughly explore the kernel.In contrast, evolutionary kernel fuzzing employed heuristic evolutionary strategies to dynamically adjust the generation and selection of test cases, guided by feedback mechanisms.This iterative process aimed to generate higher-quality test cases.Existing work on evolutionary kernel fuzzing was examined.The concept of evolutionary kernel fuzzing was explained, and its general framework was summarized.The existing work on evolutionary kernel fuzzing was classified and compared based on the type of feedback mechanism utilized.The principles of how feedback mechanisms guided evolution were analyzed from the perspectives of collecting, analyzing, and utilizing runtime information.Additionally, the development direction of evolutionary kernel fuzzing was discussed.