VDF: Targeted Evolutionary Fuzz Testing of Virtual Devices
نویسندگان
چکیده
As cloud computing becomes more and more prevalent, there is increased interest in mitigating attacks that target hypervisors from within the virtualized guest environments that they host. We present VDF, a targeted evolutionary fuzzing framework for discovering bugs within the software-based virtual devices implemented as part of a hypervisor. To achieve this, VDF selectively instruments the code of a given virtual device, and performs record and replay of memory-mapped I/O (MMIO) activity specific to the virtual device. We evaluate VDF by performing cloud-based parallel fuzz testing of eighteen virtual devices implemented within the QEMU hypervisor, executing over two billion test cases and revealing over one thousand unique crashes or hangs in one third of the tested devices. Our custom test case minimization algorithm further reduces the erroneous test cases into only 18.57% of the original sizes on average.
منابع مشابه
Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing
Security vulnerabilities typically arise from bugs in input validation and in the application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal bugs. However, in the case of SCADA systems, the use of proprietary protocols makes it difficult to apply existing fuzz-testing techniques as they work...
متن کاملHow I Evolved your Fuzzer: Techniques for Black-Box Evolutionary Fuzzing
Fuzz testing is an active testing technique which consists in automatically generating and sending malicious inputs to an application in order to hopefully trigger a vulnerability. Fuzzing entails such questions as: Where to fuzz? Which parameter to fuzz? What kind of anomaly to introduce? Where to observe its effects? etc. Different test contexts depending on the degree of knowledge assumed ab...
متن کاملPut Fuzzy Cognitives Maps to Work in Virtual Worlds
This article lies within the interactive virtual stories telling scope and proposes the use of fuzzy cognitive maps as a tool to model emotional behavior of virtual actors improvising in free interaction within the framework of a “nouvelle vague” scenario, as could Godard do. We show how fuzzy cognitive maps can be delocalized on each agent level to model autonomous agents within a virtual worl...
متن کاملFuzzy Models in Evaluation of Information Uncertainty in Engineering and Technology Applications
The paper studies the problem of information uncertainty evaluation in modern engineering and technology applications and especially system design. It analyses virtual environment design and engineering measurement. Information typical for those applications is classified according to its uncertainty types. Uncertainty sources are identified. Fuzzy theory models are proposed. Examples of their ...
متن کاملA Simulation Environment to Test Fuzzy Navigation Strategies Based on Perceptions
Current work deals with the design and development of a virtual environment to test perception based navigation strategies for a non-holonomic real robot. Physical sensors onboard the robot are described with their main characteristics as virtual perceptual agents. Real environments are represented as polygons to closely mimic geometric shape properties of obstacles and are recorded in a data s...
متن کامل