SubjectAn Advanced and Extensive Fuzzing Framework for File System Testing
Date2019.08.02 (Fri) 16:00-17:00
SpeakerTaesoo Kim Associate Professor
File systems are too big to be bug free. While hand-written test suites have been widely used to stress file systems, the growth of the test pool can hardly keep up with the rapid increase in file system size and complexity, leading to new bugs being introduced and reported regularly.
Moreover, file system bugs come in various flavors, ranging from simple buffer overflows to sophisticated semantic bugs.
Although bug-specific checkers exist, they generally lack a way to explore file system states thoroughly. More importantly, there lacks a turnkey solution that unifies the checking effort of various aspects of a file system in one umbrella.
In this talk, we will show the potential of applying fuzzing to find not just memory errors, but in theory, any type of file system bugs with an extensible fuzzing framework: Hydra. Hydra provides building blocks for file system fuzzing, including input mutators, feedback engines, a libOS-based executor, and a bug reproducer with test case minimization. As a result, developers only need to focus on building the core logic for finding bugs of their own interests.
We showcase the effectiveness of Hydra with four checkers that hunt crash inconsistency, POSIX violations, logic assertion failures and memory errors, respectively. So far, Hydra has discovered 95 new bugs in Linux file systems, including one in a verified file system (FSCQ).
Fuzzing File Systems via Two-Dimensional Input Space Exploration, S&P'19
Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework, SOSP'19
Taesoo Kim is an associate professor in the School Computer Science at Georgia Tech. He also serves as the director of the Georgia Tech Systems Software and
Security Center (GTS3). He is genuinely interested in building a system that has underline principles for why it should be secure. Those principles include
the design of the system, analysis of its implementation, elimination of certain classes of vulnerabilities, and clear separation of its trusted components. He holds a SM (2011) and a Ph.D. (2014) from MIT EECS.