Linux Driver Fuzzing

Dec 19, 2018 | 0 comments

This project is based on Linux Driver to manage system memory, deadlocks and crash.

  • Technique to feed random inputs to system calls present in running kernel
  • Achieved through automated programs.
  • Continuous Process. Keep on thrashing the system calls.
  • Based on Coverage guided fuzzing
  • Starts with basic random input test case
  • Mutates into new test cases
  • Report valid test cases back to corpus
  • Remove redundant ones.

Blockers Encountered –

Custom Kernel

  • No official standard documentation for building custom kernel image from RedHat or Ununtu.
  • Documentation works for one version and fails for another.
  • Not all the kernel source code provided was compiled successfully with the config flags required for fuzzing.
  • Builds with base kernel version and do not include patch/release in final kernel image.
  • Don’t share which config file to pick for building custom kernel
  • Issues faced while building a final package of custom kernel image.

DCS Drivers

  • Unable to load DCS drivers on custom kernel image.
  • No build framework available for building DCS drivers for a particular custom kernel version.
  • Can’t use the existing kernel headers for the same kernel
  • No intelligence in build scripts to separate out Fuzzing kmod and regular kmod packages

Implementation of Linux Fuzzing

Setting up the Environment

  • Install a Linux distribution (e.g., Ubuntu, Debian) on a virtual machine or a dedicated testing environment.
  • Install essential tools like gcc (for compiling), gdb (for debugging), and other dependencies.

Fuzzing Tool Used

  • Skyzkaller: Specifically designed for fuzzing the Linux kernel.

Linux fuzzing is a critical part of securing Linux systems and applications, helping developers identify and fix vulnerabilities before they can be exploited. Proper implementation involves setting up a suitable environment, selecting the right tools, configuring them, and thoroughly analyzing the results to improve the security and stability of the software.

Our Case Studies

We are specialists in both economics and information technologies and we apply our full range of talent to creating the perfect solution for each client’s needs.

Presets Color

Primary
Secondary