Full metadata record
DC Field | Value | Language |
---|---|---|
dc.citation.conferencePlace | US | - |
dc.citation.conferencePlace | San Francisco | - |
dc.citation.endPage | 834 | - |
dc.citation.startPage | 818 | - |
dc.citation.title | IEEE Symposium on Security and Privacy | - |
dc.contributor.author | Xu, Wen | - |
dc.contributor.author | Moon, Hyungon | - |
dc.contributor.author | Kashyap, Sanidhya | - |
dc.contributor.author | Tseng, Po-Ning | - |
dc.contributor.author | Kim, Taesoo | - |
dc.date.accessioned | 2024-02-01T00:10:53Z | - |
dc.date.available | 2024-02-01T00:10:53Z | - |
dc.date.created | 2019-12-17 | - |
dc.date.issued | 2019-05-21 | - |
dc.description.abstract | File systems, a basic building block of an OS, are too big and too complex to be bug free. Nevertheless, file systems rely on regular stress-testing tools and formal checkers to find bugs, which are limited due to the ever-increasing complexity of both file systems and OSes. Thus, fuzzing, proven to be an effective and a practical approach, becomes a preferable choice, as it does not need much knowledge about a target. However, three main challenges exist in fuzzing file systems: mutating a large image blob that degrades overall performance, generating image-dependent file operations, and reproducing found bugs, which is difficult for existing OS fuzzers. Hence, we present JANUS, the first feedback-driven fuzzer that explores the two-dimensional input space of a file system, i.e., mutating metadata on a large image, while emitting image-directed file operations. In addition, JANUS relies on a library OS rather than on traditional VMs for fuzzing, which enables JANUS to load a fresh copy of the OS, thereby leading to better reproducibility of bugs. We evaluate JANUS on eight file systems and found 90 bugs in the upstream Linux kernel, 62 of which have been acknowledged. Forty-three bugs have been fixed with 32 CVEs assigned. In addition, JANUS achieves higher code coverage on all the file systems after fuzzing 12 hours, when compared with the state-of-the-art fuzzer Syzkaller for fuzzing file systems. JANUS visits 4.19x and 2.01x more code paths in Btrfs and ext4, respectively. Moreover, JANUS is able to reproduce 88-100% of the crashes, while Syzkaller fails on all of them. | - |
dc.identifier.bibliographicCitation | IEEE Symposium on Security and Privacy, pp.818 - 834 | - |
dc.identifier.doi | 10.1109/SP.2019.00035 | - |
dc.identifier.scopusid | 2-s2.0-85071913193 | - |
dc.identifier.uri | https://scholarworks.unist.ac.kr/handle/201301/79779 | - |
dc.identifier.url | https://ieeexplore.ieee.org/document/8835267 | - |
dc.language | English | - |
dc.publisher | Institute of Electrical and Electronics Engineers Inc. | - |
dc.title | Fuzzing file systems via two-dimensional input space exploration | - |
dc.type | Conference Paper | - |
dc.date.conferenceDate | 2019-05-19 | - |