Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds

Zekun Shen, Ritik Roongta, Brendan Dolan-Gavitt

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    Abstract

    Peripheral hardware in modern computers is typically assumed to be secure and not malicious, and device drivers are implemented in a way that trusts inputs from hardware. However, recent vulnerabilities such as Broadpwn have demonstrated that attackers can exploit hosts through vulnerable peripherals, highlighting the importance of securing the OS-peripheral boundary. In this paper, we propose a hardware-free concolic-augmented fuzzer targeting WiFi and Ethernet drivers, and a technique for generating high-quality initial seeds, which we call golden seeds, that allow fuzzing to bypass difficult code constructs during driver initialization. Compared to prior work using symbolic execution or greybox fuzzing, Drifuzz is more successful at automatically finding inputs that allow network interfaces to be fully initialized, and improves fuzzing coverage by 214% (3.1×) in WiFi drivers and 60% (1.6×) for Ethernet drivers. During our experiments with fourteen PCI and USB network drivers, we find twelve previously unknown bugs, two of which were assigned CVEs.

    Original language: English (US)
    Title of host publication: Proceedings of the 31st USENIX Security Symposium, Security 2022
    Publisher: USENIX Association
    Pages: 1275-1290
    Number of pages: 16
    ISBN (Electronic): 9781939133311
    State: Published - 2022
    Event: 31st USENIX Security Symposium, Security 2022 - Boston, United States
    Duration: Aug 10 2022 to Aug 12 2022

    Publication series

    Name: Proceedings of the 31st USENIX Security Symposium, Security 2022

    Conference

    Conference: 31st USENIX Security Symposium, Security 2022
    Country/Territory: United States
    City: Boston
    Period: 8/10/22 to 8/12/22

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems
    • Safety, Risk, Reliability and Quality
