TL;DR
G-Fuzz is a novel directed fuzzing framework tailored for gVisor, a lightweight container kernel written in Go, addressing unique challenges and outperforming existing fuzzers like Syzkaller.
Contribution
The paper introduces G-Fuzz, a new directed fuzzing framework specifically designed for gVisor, with innovative methods for distance calculation, syscall inference, and dynamic exploration-exploitation switching.
Findings
G-Fuzz significantly outperforms Syzkaller in kernel fuzzing tasks.
G-Fuzz successfully detected multiple serious vulnerabilities in industry deployments.
The core methods of G-Fuzz are generalizable to other OS kernels.
Abstract
gVisor is a Google-published application-level kernel for containers. Because gVisor is lightweight and provides sound isolation, it has been widely adopted by IT enterprises \cite{Stripe, DigitalOcean, Cloundflare}. When a new vulnerability is found in upstream gVisor, it is important for downstream developers to test the corresponding code to maintain security. Directed fuzzing is a promising way to achieve this. Nevertheless, applying existing directed fuzzing methods to gVisor raises many challenges. The core reason is that existing directed fuzzers mainly target general C/C++ applications, while gVisor is an OS kernel written in Go. To address these challenges, we propose G-Fuzz, a directed fuzzing framework for gVisor. G-Fuzz has three core methods: lightweight and fine-grained distance calculation, target related syscall inference…
