
Research work based on syzkaller

Dear researchers, feel free to contact us at syzkaller@googlegroups.com if you need any assistance.

newer first

* Unlocking Low Frequency Syscalls in Kernel Fuzzing with Dependency-Based RAG (pdf, source code)
* A Little Goes a Long Way: Tuning Configuration Selection for Continuous Kernel Fuzzing
* SyzDirect: Directed Greybox Fuzzing for Linux Kernel
* KIT: Testing OS-Level Virtualization for Functional Interference Bugs
* SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers
* GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs
* Precise Detection of Kernel Data Races with Probabilistic Lockset Analysis
* Linux Kernel Enriched Corpus: corpus.db
* HotBPF - An On-demand and On-the-fly Memory Protection
* KASPER: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel
* VaultFuzzer: A state-based approach for Linux kernel
* Demystifying the Dependency Challenge in Kernel Fuzzing
* SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning
* SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel
* Rtkaller: State-aware Task Generation for RTOS Fuzzing
* BSOD: Binary-only Scalable fuzzing Of device Drivers
* Torpedo: A Fuzzing Framework for Discovering Adversarial Container Workloads
* Healer is a kernel fuzzer inspired by syzkaller. (pdf)
* SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers (source code)
* Snowboard: Finding Kernel Concurrency Bugs through Systematic Inter-thread Communication Analysis
* Undo Workarounds for Kernel Bugs (source code)
* HFL: Hybrid Fuzzing on the Linux Kernel
* A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces
* Industry Practice of Coverage-Guided Enterprise Linux Kernel Fuzzing
* Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints (source code)
* Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development
* FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing
* Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems (video, slides, source code)
* ALEXKIDD-FUZZER: Kernel Fuzzing Guided by Symbolic Information
* DIFUZE: Interface Aware Fuzzing for Kernel Drivers
* MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
* RAZZER: Finding Kernel Race Bugs through Fuzzing
* SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
* Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
* KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
* Synthesis of Linux Kernel Fuzzing Tools Based on Syscall
* Drill the Apple Core: Up & Down
* WSL Reloaded

Other kernel fuzzing work

Also see the tech talks page.