Computer Science ›› 2025, Vol. 52 ›› Issue (6A): 240400161-8. doi: 10.11896/jsjkx.240400161

• Computer Software & Architecture •

Configuration-guided Directed Kernel Fuzzing for Real-time Linux

SHI Heyuan 1,3, CHEN Shijun 2,3, ZHANG Qiang 4, SHEN Yuheng 5, JIANG Yu 5, SHI Ronghua 1

  1 School of Electronic Information, Central South University, Changsha 410004, China
  2 School of Computer Science and Engineering, Central South University, Changsha 410012, China
  3 Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
  4 College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China
  5 School of Software, Tsinghua University, Beijing 100084, China
  • Online: 2025-06-16 Published: 2025-06-12
  • About author: SHI Heyuan, born in 1993, associate professor, is a member of CCF (No. T2400M). His main research interests include software safety and testing.
    SHEN Yuheng, born in 1998, doctoral student. His main research interests include software verification and operating system kernel fuzzing.
  • Supported by:
    National Natural Science Foundation of China (62202500), National Key Research and Development Program of China (2022YFB3104003), Hunan Provincial Natural Science Foundation (2023JJ40772), Fund of Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation (CSSAE-2023-010) and High Performance Computing Center of Central South University.

Abstract: Real-time Linux, owing to its real-time characteristics, is widely deployed in high-precision scenarios, which makes its security and reliability especially important. However, current methods for locating the code sections related to real-time features are limited, so coverage-oriented kernel fuzzing tools such as Syzkaller cannot test this code comprehensively and thoroughly. To address this issue, this paper proposes a configuration-guided directed fuzzing approach for the real-time Linux kernel. The approach first constructs a kernel file tree from the kernel configuration options, identifies real-time feature code, and builds test targets. Next, it uses the inter-function call relationships and basic block addresses within the real-time Linux kernel to define specific testing targets for real-time features. Finally, it applies a weight-based seed scheduling strategy to improve the efficiency of directed testing in kernel fuzzing. In testing tasks across four versions of real-time Linux kernels, the proposed method identifies 58 kernel defects related to real-time features. Compared with the general coverage-guided kernel fuzzer Syzkaller, it achieves a 17.06% increase in the basic block coverage of real-time feature code and a 65.39% improvement in the detection of vulnerabilities related to real-time features. The experimental results demonstrate that the method significantly improves the coverage of real-time feature code and the directed testing ability of kernel fuzz testing tools.
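The three steps of the abstract (config-gated target selection, call-graph distance to the targets, weight-based seed scheduling) carried out on a constructed toy kernel model, as an added Python example that is not the paper's implementation: the file table, the call graph, the choice of CONFIG_PREEMPT_RT as the gating option, the use of functions in place of basic-block addresses, and the inverse-distance weight with a floor are all assumptions made here.

```python
from collections import deque
from math import inf

# Constructed toy kernel model (an assumption, not the paper's data): each file with the
# Kconfig symbol gating it and its functions, plus a static caller -> callee graph.
FILES = {
    "kernel/locking/rtmutex.c": ({"CONFIG_PREEMPT_RT"}, ["rt_mutex_slowlock"]),
    "kernel/locking/spinlock_rt.c": ({"CONFIG_PREEMPT_RT"}, ["rt_spin_lock"]),
    "fs/read_write.c": (set(), ["ksys_read", "vfs_read"]),
    "net/socket.c": (set(), ["sock_sendmsg"]),
}
CALLS = {"ksys_read": ["vfs_read"], "vfs_read": ["rt_spin_lock"],
         "rt_spin_lock": ["rt_mutex_slowlock"], "rt_mutex_slowlock": [],
         "sock_sendmsg": []}

def target_functions(rt_configs):
    """Step 1: functions in files gated by a real-time config option are the targets."""
    return {fn for gate, funcs in FILES.values() if gate & rt_configs for fn in funcs}

def call_distances(targets):
    """Step 2: BFS over the reversed call graph; targets are 0, code that never reaches one is inf."""
    callers = {fn: [] for fn in CALLS}
    for caller, callees in CALLS.items():
        for callee in callees:
            callers[callee].append(caller)
    dist = dict.fromkeys(CALLS, inf)
    dist.update(dict.fromkeys(targets, 0))
    queue = deque(targets)
    while queue:
        fn = queue.popleft()
        for caller in callers[fn]:
            if dist[caller] == inf:
                dist[caller] = dist[fn] + 1
                queue.append(caller)
    return dist

def seed_weight(covered, dist, floor=0.1):
    """Step 3: the seed whose run got closest to a target weighs most; a floor keeps the rest alive."""
    d = min((dist.get(fn, inf) for fn in covered), default=inf)
    return floor if d == inf else max(floor, 1.0 / (1 + d))

def schedule(seeds, rt_configs):
    """Order seed names by weight, highest first, for the next fuzzing round."""
    dist = call_distances(target_functions(rt_configs))
    return sorted(seeds, key=lambda name: seed_weight(seeds[name], dist), reverse=True)

# Constructed corpus: each seed maps to the functions its last execution covered.
SEEDS = {"read_small": {"ksys_read"}, "read_lock": {"ksys_read", "vfs_read"},
         "send_udp": {"sock_sendmsg"}, "rt_spin": {"rt_spin_lock", "rt_mutex_slowlock"}}
```

With an empty set of real-time config options every seed falls back to the floor weight, so the schedule degenerates to the plain coverage-guided order.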

Key words: Real-time Linux, Fuzz testing, Anomaly detection, Kernel configuration

CLC Number: TP311