NtFuzz: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis
Although it is common practice for kernel fuzzers to leverage type information of system calls, current Windows kernel fuzzers do not follow the practice as most system calls are private and largely undocumented. In this paper, we present a practical static binary analyzer that automatically infers system call types on Windows at scale. We incorporate our analyzer to NtFuzz, a type-aware Windows kernel fuzzing framework. To our knowledge, this is the first practical fuzzing system that utilizes scalable binary analysis on a COTS OS. With NtFuzz, we found 11 previously unknown kernel bugs, and earned $25, 000 through the bug bounty program offered by Microsoft. All these results confirm the practicality of our system as a kernel fuzzer.
- Publisher
- IEEE
- Issue Date
- 2021-05
- Language
- English
- Citation
42nd IEEE Symposium on Security and Privacy, SP 2021, pp.677 - 693
- ISSN
- 1081-6011
- Appears in Collection
- CS-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.